SC Magazine, a Cyber Risk Alliance Resource, featured Tim Barnett, Chief Information Officer at Bluefin, as he discussed the state of consumer data privacy laws in the U.S.
The General Data Protection Regulation (GDPR), implemented by the European Union (EU) and its member states in May 2018, has brought significant changes to the way businesses and government agencies handle consumer data. It requires organizations to obtain consent, maintain data protection measures, and provide transparent privacy policies.
However, the United States lacks a comprehensive national data privacy law, resulting in a fragmented landscape with varying state regulations. This creates confusion and operational challenges for businesses while potentially compromising consumer privacy. Several U.S. states have implemented their own data privacy laws, but a national standard is needed to simplify compliance and protect consumer data consistently.
Barnett states that a federal data privacy law would advocate for consumer privacy rights, simplify compliance, and give consumers more control over their data. Additionally, implementing stringent privacy practices and technologies like tokenization can help businesses stay ahead of evolving regulations and protect consumer data.
“Additionally, it’s wise for business and IT leaders to revisit their current data protection practices and consider using tactics such as tokenization to secure consumer payment and personal data. Tokenization encodes personally identifiable information (PII) with a random string of numbers that’s stored on servers, rather than the sensitive information itself — which makes data useless to bad actors in the event of an attack. So, even if an organization experiences a data breach, consumer data remains secured, and the process of notifying customers of the breach becomes much less taxing,” said Tim Barnett.