State of Data Privacy Trends for 2022
Data privacy trends are a topic of interest and concern for corporations and law firms across the globe, particularly as more services and communications have required the use of digital and electronic platforms that have the capacity to store and share personal and business information. Data can be stolen and shared unlawfully in a wide variety of ways, and it is essential for corporations to consider data privacy issues and to develop plans for security compliance. Most if not all corporations likely already know that the term data privacy is used to refer to keeping personal information private for private individuals, such as employees, clients, and other parties.
When businesses and employers fail to develop security practices and a data breach occurs, the business ultimately may be liable depending upon the particular circumstances. The following information explains the current state of data privacy laws in the U.S., and those focused internationally, and highlights potential data privacy trends that organizations should keep note of during 2022.
Existing Domestic and International Data Privacy Laws
The state of data privacy in 2022 begins with a reminder of the existing domestic and international data privacy laws that organizations should know about if they do not already. In terms of federal laws in the United States, data privacy laws and regulations are largely specific to particular industries, providing protections for personal information based on the type of personal information stored and the reasons for the storage of that personal information. Organizations that deal with any of the types of personal information protected by the following federal laws, rules, or regulations need to understand their responsibilities and how to remain in compliance in 2022.
The Children’s Online Privacy Protection Act (COPPA), which was enacted in 1998, is a law that is aimed at limiting or restricting the collection and use of children’s personal information. The Federal Trade Commission (FTC) is tasked with issuing and enforcing regulations related to online privacy affecting children. The rule applies to websites and online services. The Family Educational Rights and Privacy Act (FERPA) protects the privacy of students’ educational records. The Gramm-Leach-Bliley Act (GLBA) requires financial institutions and any businesses that offer certain financial products to provide clients or customers with details about information-sharing and how personal information is protected. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to protect private patient health information from being collected, shared, or used without express consent from the patient. The Federal Trade Commission is responsible for rulemaking and enforcement for certain data privacy matters under federal law. Some U.S. states have their own specific data privacy laws.
Internationally, the General Data Protection Regulation (GDPR) continues to govern data privacy matters in the European Economic Area (EEA), which includes the European Union (EU) as well as Iceland, Liechtenstein, and Norway. The GDPR has been in effect since May 2018, and it allows for regulation of data privacy in the EEA and in many issues occurring outside the EEA when they involve EEA countries or actors. The United Kingdom enacted the Data Protection Act 2018, which is its implementation of the GDPR.
New and Revised Privacy Protection Laws and Compliance Rules in the U.S. and Internationally
While several U.S. states have already enacted state-specific data privacy laws, in 2022 and beyond more states are likely to enact data privacy laws, while other states will see their data privacy laws go into effect. Businesses that are headquartered in the U.S., or that currently conduct or are planning to conduct business in the U.S. from other regions of the globe, will need to gain a clear understanding of the state and federal data privacy laws that may be applicable to them. In addition, organizations should be aware that other countries and regions may soon pass data privacy laws, including reforms in Australia and Canada. India’s new Data Protection Authority of India (DPA) law will also focus on data privacy and the protection of personal and individual information. A new data privacy law will be enforced in China beginning in 2022, and enforcement is also likely to begin in Saudi Arabia, where a data privacy law was passed recently.
Increased Need to Consider Cyber Attacks and Use of Ransomware
Cyber attacks are likely to continue into 2022, and governments around the globe are likely to continue to explore options for combatting the use of ransomware. Ransomware gangs and groups are developing improved technologies for holding business information “hostage.” Businesses should consider the effects of increased cyber attacks, options to handle a cyber attack in the event that one does occur, and the need for cyber insurance policies, which may become more costly as cyber attacks increase.
Passage and Implementation of Biometric Privacy Laws
A number of U.S. states have now enacted biometric privacy laws, which are designed to protect private and personal biometric data. What are biometrics? As Norton explains, “biometrics are any metrics related to human features,” but the “most common examples of a biometric recognition system is the iPhone’s fingerprint and facial recognition technology.” More broadly, as Norton clarifies, biometrics measure “physical characteristics to verify [a person’s] identity,” and technology dealing with biometrics and data privacy trends may include information related to a person’s “fingerprints and eyes, or behavioral characteristics, such as the unique ways you’d complete a security-authentication puzzle.” Businesses should anticipate that more biometric privacy laws may be passed in the U.S. and globally, given the ways in which biometric data continues to be used and, in some cases, collected and shared. Specifically, the National Biometric Information Privacy Act of 2020 (NBIPA) is still pending in the U.S. Senate, and it could be passed in 2022, creating a federal law through which biometric data privacy can be regulated and enforced.
Changes to the Ways in Which Personal Information or Data is Defined
Biometric data is one type of personal data that is subject to certain privacy laws, and various other types of personal information and data exist, as well. The federal privacy laws cited above—COPPA, FERPA, GLBA, and HIPAA—are each designed to protect certain types of personal information and data, from names and identification numbers to health record information, educational records, and other personal details. Beyond this type of personal information and biometric data, the types of personal information that may become protected by domestic and global privacy laws may include certain forms of electronic information. For example, laws and regulations may expand globally to include a person’s Internet Protocol (IP) address, a person’s internet history or internet search history, video streaming information, social media posts, and financial transactions.
More Technology Solutions for Businesses Handling Data Privacy Issues
In recent years, various privacy technologies have been marketed to businesses and firms across the globe to increase data privacy security and to handle personal information breaches and thefts. More technology solutions are likely to arise in 2022, and businesses are likely to be targeted by marketing firms seeking to sell privacy tech solutions.
Continued Anxieties Surrounding Data Privacy Trends and Regulation
In recent years, data privacy laws and regulations have become increasingly complex, particularly as individual U.S. states and federal laws in the U.S. have been passed concerning data privacy, and as nations around the globe have passed, amended, and revised data privacy laws. Companies and firms doing business in the U.S. and abroad have had to contend with a wide variety of legal matters pertaining to data privacy compliance, and as more laws are passed and enacted, anxieties concerning compliance are likely to increase. As such, more businesses are likely to spend a significant amount of resources, including time and financial resources, to understand the applicability of existing and emerging data privacy laws and what is necessary for compliance.
Further, clients and customers also have anxieties surrounding data privacy and the ways in which various types of businesses are likely to collect and use their personal information. Accordingly, businesses are likely to need to strategize in 2022, or update their policies, on how consumers are provided with information about the data collection.
Considering Best Practices for Data Privacy in 2022
Corporations that are thinking carefully about data privacy in 2022 and beyond should closely examine their own best practices and should consider ways of improving data privacy. Best practices may include the following:
- Focusing on data privacy as a form of large-scale risk management that needs to be at the center of the corporation’s practices;
- Detailing information about stored data that requires privacy protections, including information about where the data is stored, which parties may have access to that data, and whether and how that data is ever disclosed or provided to third parties;
- Considering the potential for data breaches and making preventive or preemptive plans to protect stored personal information.
Businesses that need support for policy implementation or internal investigations related to data privacy or data breaches can seek assistance from Baer Reed to make the process more time and cost efficient. Contact Baer Reed online today to learn more about the legal support services we provide.
- On March 18, 2022