Recent Regulations that CIOs should know about
Are you breaking the law?
This is a question that gives leadership at any company the shivers. Unlike in the pre-Internet era, companies now have to comply not only with the laws of their home jurisdiction but also with the laws of the jurisdictions where their users reside.
In the age of cloud computing, where data moves freely across national boundaries, this creates several complications.
In this post we will take a look at three regulations around user data which can impact how you do business.
1) The US Cybersecurity Information Sharing Act (CISA)
CISA was signed into law in December 2015, and it has turned out to be controversial.
On the face of it, CISA makes sense. It gives companies a platform for sharing threat intelligence with federal agencies such as the FBI and NSA so that a better coordinated threat response can be formulated.
But the devil is in the details.
Companies that share threat data with the federal government under the Act are granted protection from liability for that sharing. Critics argue that the privacy safeguards are weak, and that private information such as financial and health records could end up with agencies like the FBI and NSA along with the threat indicators. The law has been criticized on these grounds by opponents such as the Electronic Frontier Foundation and by companies like Facebook and Google for enabling surveillance.
Amendments attached to the bill also aimed to extend the reach of US courts to foreign nationals even when the offence was committed outside US territorial jurisdiction. As the Guardian reported:
But the amended law would make it a crime punishable by US prison time not merely to clone the credit card or steal the Netflix password of an American citizen, but to take unauthorized information from any American company, no matter where it happens.
In other words, if a French national hacks a Spanish national’s MasterCard, she could be subject to 10 years in US prison under laws changed by the bill.
If you are a CIO, you now have a legal mechanism for sharing threat intelligence with the government. But given the strong pushback from privacy groups and tech companies, using it carries a business risk: privacy-conscious clients and users might take their business elsewhere.
2) The EU General Data Protection Regulation
On the flip side, the EU has adopted the most stringent data privacy regulation ever. Called the General Data Protection Regulation (GDPR), it applies to any entity that offers goods or services to people in the EU, whether or not the entity itself is established there. Offering payment in euros, running a website in a European language, or shipping to European countries are all taken as evidence that you are targeting EU residents and therefore fall within its scope.
Some of the provisions are:
The EU gives companies a window of two years to comply with the regulation, and specifies hefty fines for non-compliance (up to 4% of annual worldwide turnover or 20 million euros, whichever is higher, for the most serious infringements).
This regulation will have a major impact on businesses that operate in the EU.
According to an Ovum report on data privacy laws:
With EU data protection law becoming increasingly stringent, companies that want to meet the deadline need to start on compliance now.
3) FTC guidelines on Big Data and predictive analytics
Big data and associated technologies like predictive analytics let companies know their customers and users more intimately than ever before.
In a recent report titled "Big Data: A Tool for Inclusion or Exclusion?", the FTC warns companies against:
Companies therefore need to avoid going overboard with Big Data analytics, and to check that the way they collect, analyse and act on data does not violate consumer protection and anti-discrimination laws.
The regulatory landscape is confusing and fluid, and the complications multiply if you do business internationally. Forewarned is forearmed: the sooner companies put in place internal processes to comply with these regulations, the lower their risk of non-compliance.