With Privacy Regulations Looming, Here’s How Companies Can Prepare

As discussions around federal privacy regulations resurface, patience is running low and Federal Trade Commission (FTC) officials have agreed that if Congress doesn’t take action to protect consumer privacy, they will. States are also refusing to wait—California, Maine, Nevada, Virginia, and, most recently, Utah have all passed legislation related to privacy, and many more are continuing to push for more comprehensive data privacy laws.

With all signs pointing to the likelihood of a federal data privacy law, or at the very least a significant increase in states’ adoption of comprehensive privacy legislation, companies should no longer delay implementing new privacy and security measures. Now is the time to onboard new privacy tools for your business and enact a security and compliance plan for when these laws are set in stone.

It’s Time for a New Addition to the C Suite

But where and how do you get started? When outlining a data privacy plan, you have to consider your entire workforce—from remote and in-office employees, to full-time workers, part-time employees, freelancers, and even third-party providers. Then you can start considering additional measures. It’s time for a new chief: chief compliance officer.

Surprises can be great...but they can also be costly. Given how quickly legislation is rolling out in individual states across the United States, it’s hard to keep track of how close your state is to enacting legislation. They could have already put laws in place, and you don’t even know it! That’s why assigning a chief compliance officer, whose sole job it is to watch out for updates and new measures in your state, is imperative right now. Not only will it give you peace of mind, but it could end up saving thousands of dollars in government fees.

It’s 2021: Do You Know Where Your Data Is?

While it may sound obvious or simple, data storage is often overlooked by companies - as in, many companies don’t know how their customer data is collected, stored, and ultimately used. This is often the first measure toward protection of consumer privacy, and is often a fundamental part of data privacy legislation. Therefore, to get prepared for looming legislation, companies should dive deeper into their data to understand how and where it’s stored and what it’s being used for.

Welcome Third-Party Providers to the Compliance Party

Third-party providers are often overlooked when organizations think about their security, so ensuring that these technology providers are also compliant is imperative. After all, a third-party breach can still reflect poorly on your business—earlier this year, security software provider Accellion suffered a data breach that caused their notable customers, including Kroger stores and Shell Oil, to scramble to address the issue. Invest in a PCI compliance solution. PCI compliance—connoting adherence to the Payment Card Industry Data Security Standard (PCI DSS)—can ensure your customers’ sensitive payment information is kept secure and can be helpful in preparing for data security requirements in potential privacy legislation. When it comes to payments, PCI compliance is an essential component to compliance.

With President Biden’s most recent plans to expand the military’s cyber force, it’s clear that cybersecurity is being taken more and more seriously on the federal level, and it’s only a matter of time until federal data privacy laws are passed. For companies who wish to avoid the mad dash in getting their business up to speed and compliant based off of the most recent legislation, now is the time to upgrade your security plan and tools.

Geoff Forsyth is the chief information security officer at PCI Pal, where he is dedicated to maintaining the group’s existing information security strategy and standards to protect customers’ data. PCI DSS certification, information regulatory compliance, risk management and other relevant data security requirements are at the core of the organization, and this position reinforces the commitment to ensuring data security and global regulatory compliance, now and in the future.