How to Comply with Data Privacy Laws in 2023
By VOS Consulting Group on September 8, 2023
According to Cisco, around 48% of consumers indicated they had already switched companies or providers because of their data policies or data-sharing practices. The year 2023 is set to mark the beginning of a big shift in the framework regarding data privacy laws and regulations in the US.
Traditionally, businesses and organizations were allowed to collect personal data without express consent, while its use was regulated to avoid or alleviate harm in specific industries, such as finance, healthcare, and education. Today, however, data privacy laws in the US are inspired by the European Union’s General Data Protection Regulation (GDPR), empowering individuals to effectively own their personal data and have the legal right to control it.
In this article, we look at how data privacy laws are changing in the country in 2023 and how your business can comply with them.
Data Privacy Laws in the US
Inspired by the GDPR principles, new data privacy laws are slated to go into effect in 2023. These new laws will come online this year in California and four other states: Colorado, Connecticut, Utah, and Virginia. More states are likely to follow in their footsteps in the coming years, which reflects the impact of GDPR’s rights-based framework.
The new data privacy regulations represent a comprehensive approach to privacy protection, applying to organizations across several industries, along with the industry-specific regulations that remain in place. These laws will set forth numerous rights of individuals with respect to their personal data. The particular rights that apply depend on the kind of information, especially information deemed highly sensitive.
How to Comply with Data Privacy Laws
About 92% of consumers believe that a proactive approach can avoid user data breaches. It’s perhaps why over 60% of Americans blame the business rather than the cybercriminals when a data breach occurs. Here are some ways that companies can comply with the ever-changing data privacy laws in the country:
1. Inform users when collecting data
According to a study by Wakefield Research, around 81% of Americans express concerns regarding businesses collecting personal data. Therefore, you must inform users when and why you are collecting personal or health information and where you will use this data. You also need to specify how users can view or modify this data and who the intended beneficiaries of the data are.
It’s also recommended to mention whether the provision of data is required by law or is voluntary, and any consequences to the consumer if the data (or any part of it) isn’t supplied.
You must inform users before, or soon after, you gather that data. You can provide this notice in the way best suited to your users. For example, you can link to a privacy policy on your website that outlines what you intend to do with their data. If you are recording audio or video, you can also make users aware of this through a collection notice.
2. Develop a privacy manual
Most companies create a privacy policy page on their website and call it a day. However, a privacy policy is of limited use if your staff doesn’t understand its purpose or enforcement. A privacy manual should outline to your employees how you’ll collect, use, store, and handle personal data.
You can introduce a privacy manual into your organization through formal training processes. Sometimes companies engage a privacy officer who can answer staff questions or take inquiries from the public when it comes to privacy compliance. You’ll be more likely to manage privacy effectively if you take measures to make sure that your workers understand your policy.
3. Keep data secure
Companies should protect user information against loss, unauthorized access, use, alteration or disclosure, and against all other exploitation. To do so, put practical security safeguards in place.
For example, you can limit access to user data in your business and provide authorized staff with separate logins. Also, ensure your workforce receives suitable training on privacy and data protection requirements.
You may also consider investing in the right type of physical storage if needed, to safeguard data from loss or abuse, and detach your information sources so they are not connected. You should also carry out regular audits to confirm that only authorized users are retrieving data, for authorized purposes.
4. Dispose of user information securely
Discard all user data safely once you have achieved the purpose it was collected for. Private data that is no longer needed must be deleted or discarded at a set frequency.
Keep in mind that under the California Consumer Privacy Act (CCPA), users have the right to request the deletion of personal data from companies that have collected it from them. This means that companies subject to California’s requirements must think proactively about how exactly they plan on deleting user information.
However, before you discard personal data, get in touch with your records expert to discuss the minimum retention periods for your circumstances. This will ensure you abide by the Federal Information Security Management Act (FISMA), and any other laws that may be applicable.
Achieve Data Privacy with VOS Consulting Group
As more and more states are expected to follow California’s lead, we’ll see deep implications of this important change in the data privacy framework in 2023. However, companies often do not have full-time internal resources to deal with ever-changing data privacy laws. This is where VOS Consulting Group can help.
Our experts help multinational businesses navigate through the evolving regulatory landscape, providing cost-effective solutions to reduce compliance risks. We act as a reliable consultant, restructuring your in-house process of securing crucial areas of Business, Operations, and Technology. Our data privacy services include the following:
Privacy risk assessments
Data retention policy review and development
Privacy by design
By choosing us as your data privacy advisor, you get access to a fully flexible resource that can work alongside your internal teams to address the issues important to your organization. Get in touch to learn more.