The privacy legislation trend shows no signs of slowing down. At least a dozen states have now enacted privacy laws, in addition to global laws already in place. And more states will inevitably pass privacy legislation in the coming year. Organizations should plan carefully to prepare for data privacy law changes in 2024 and beyond. New State Privacy Laws Taking Effect in 2024 Each year, a handful of states enact sweeping privacy legislation, and 2024 is no exception. The following new privacy laws will take effect in the coming months: Montana Consumer Data Privacy Act (MTCDPA) – This law goes
Data ethics and responsibility refer to the practice of using data in a fair, transparent, accountable, and trustworthy manner. Treating data responsibly extends far beyond simply achieving regulatory compliance. It involves carefully considering the impact of data on individuals and society. While it brings important business benefits, it requires strategy. For example, a university conducting social research on issues surrounding indigenous peoples has a responsibility to respect the cultural values of the indigenous community. This will involve first obtaining informed consent from the community and individuals involved. It also requires taking steps to ensure fairness and cultural accuracy in data
The General Data Protection Regulation (GDPR) took effect in 2018, increasing data protection for European Economic Area (EEA) citizens and residents. The GDPR impacts how organizations collect, process, store, and share personal data. While the law applies to individuals in the EEA, GDPR compliance also affects American citizens and businesses in certain situations. Failure to comply with GDPR can result in hefty fines, as well as reputational damage and legal action. For instance, Facebook’s parent company Meta was fined $1.3 billion this year for violating GDPR guidelines. Companies need to understand whether they fall under GDPR and how to achieve
Daniel's Law refers to laws in different states that protect the personal information of public servants and their families from being disclosed or published online. The original Daniel's Law, enacted in New Jersey in 2021, was inspired by the tragic death of Daniel Anderl, the son of Judge Esther Salas and Mark Anderl. Daniel’s Law illustrates the need for data privacy and sensitive and informed municipal data governance. What is Daniel's Law in New Jersey? Daniel's Law (P.L. 2021, c. 371) was signed by Governor Phil Murphy on January 19, 2021, in response to the fatal shooting of Daniel Anderl.
Email remains an essential tool for business communication. Workers use it to connect with vendors and colleagues. And email marketing presents a cost-effective way to stretch advertising dollars and strengthen customer relationships. However, to avoid penalties and preserve customer goodwill, organizations must ensure email compliance. Companies should be aware of several laws affecting email. For instance, the CAN-SPAM act regulates marketing emails in the United States, with even stiffer laws in Canada. The FTC will levy costly fines and penalties against companies who violate CAN-SPAM. In addition to CAN-SPAM, a growing number of states have begun implementing privacy laws that
The wave of privacy regulations continues to gain momentum, with five states enacting new laws this coming year. The 2023 privacy law changes will affect the data operations of thousands of organizations. And business owners should expect even more changes to come. Solid, adaptable data governance will help companies maintain compliance. California 2023 Privacy Law Changes The California Privacy Rights Act takes effect on January 1. It replaces California’s original privacy law, the CCPA, and grants additional rights to Californians. CCPA granted consumers the right to a privacy notice, the right to delete their data and the right to opt
For decades, organizations have been archiving emails to meet regulatory and business requirements. In many cases, this means that companies have millions of emails stored in outdated systems. Updating archives to take advantage of the benefits of a modern environment can prove complicated. But following legacy archive migration best practices help. Email archiving provides a way for companies to preserve emails indefinitely. Archiving often proves necessary to achieve regulatory compliance. It also provides for business continuity and plays a key role in eDiscovery and internal audits. Several scenarios may necessitate the need to migrate email archives. For example, as more
Thousands of organizations already depend on Azure Active Directory (Azure AD) for identity and access management. But they may not be aware of all that Azure AD provides or of additional identity management services now available. The Microsoft Entra product family, including Azure AD, provides a streamlined identity platform while strengthening security. Cloud migration and remote work have changed the face of cyber security forever. Even a small to medium business must manage access for thousands of identities, from employees to contractors, devices, and services. However, traditional methods for verifying identity and managing permissions are labor-intensive and leave too many
The public sector deals with a treasure trove of sensitive data, from social security numbers to payment information. Hackers know this and have increasingly turned their focus to local and state government agencies. Consequently, these organizations must implement data compliance best practices to safeguard personally identifiable information (PII) and avoid stiff penalties. For example, in 2016, dozens of Los Angeles County employees gave in to a phishing attack. As a result, hackers gained access to the personal data of nearly 800,000 people. Attackers can then sell personal information or use stolen credentials to access government systems or disrupt critical services.
Technology has kept businesses afloat over the past year. However, moving millions of employees to work from home comes on the heels of a growing global focus on data privacy. Consequently, organizations already scrambling to meet regulations now face the dilemma of supporting both privacy compliance and remote work. Consider several typical scenarios. Employees work on personal devices more than ever before, devices that may lack up-to-date security measures and secure Wi-Fi. Medical professionals conduct patient visits over video. Roommates and families share home networks and office space. Employees and organizations alike must take responsibility for privacy compliance and data