With the PCI data security standards and various state regulations in force for the better part of two decades, retailers have become well acquainted with data security compliance.
Now, with evolving security threats, increasing data breaches and privacy infringement by tech companies, a new round of data security/privacy laws must be understood and followed to build customer trust and avoid the consequences of non-compliance.
The new laws include Europe’s GDPR, New York’s SHIELD Act and the California Consumer Privacy Act (CCPA), among similar laws in other states. Viewed as necessary, the new privacy laws seek to rectify problems in the management of data breaches.
The emphasis is heavily on protecting personal information with requirements for data breach disclosure and penalties for not providing reasonable safeguards.
In this paper, we take a closer look at the new privacy laws, what retailers can do to achieve compliance, and recommended assistance.