Whether you’re company is B2B or B2C, consumer data privacy has an impact on your data storage and data destruction. IT asset management and data security have some federal oversight based on specific industries (such as health, financial, credit card) but most regulation (right now) is a state-by-state patchwork of laws. For companies engaged in international business, the most comprehensive data privacy law is the General Data Protection Regulation (GDPR) covering the EU.
The result? A digital version of the Wild West: laws based on geography, a few standout sheriffs (California we’re looking at you) and an occasional whopper fine as a public reminder to walk the line. With the current mish-mash of regulatory oversight, data security is focused on brand protection with an adherence to the highest level of applicable state and federal law — no matter where business is happening.
“The United States doesn’t have a singular law that covers the privacy of all types of data. Instead, it has a mix of laws that go by acronyms like HIPAA, FCRA, FERPA, GLBA, ECPA, COPPA, and VPPA.”
The State of Consumer Data Privacy Laws in the US (And Why It Matters), New York Times, Sept 6, 2021
Data privacy by industry
“Currently, privacy laws are a cluttered mess of different sectoral rules. “Historically, in the US we have a bunch of disparate federal [and state] laws,” said Amie Stepanovich, executive director at the Silicon Flatirons Center at Colorado Law. “[These] either look at specific types of data, like credit data or health information,” Stepanovich said, “or look at specific populations like children, and regulate within those realms.” (The State of Consumer Data Privacy Laws in the US, New York Times, Sept 6, 2021)
In addition to the variance in state regulations, IT data disposition processes, policies and compliance vary by company, geography, history, legal viewpoint, brand awareness and industry sector:
- Banking & Finance. Gramm-Leach-Bliley (GLBA), the Federal Trade Commission’s Fair and Accurate Credit Transactions Act (FACTA), the Payment Card Industry Data Security Standards (PCI DSS) and the Sarbanes-Oxley Act (SOX)
- Education. Family Educational Rights and Privacy Act (FERPA), and the Individuals with Disabilities Education Act (IDEA)
- Healthcare, Pharmaceutical and Insurance. Protected health information (PHI) is protected by the Health Insurance Portability and Accountability Act (HIPAA) regulations and the Payment Card Industry Data Security Standards (PCI DSS)
- Government, Nonprofit. Publishing, Research & Development and Retail and eCommerce. The California Consumer Privacy Act and the Children Online Privacy Protection Act (COPPA) and the Payment Card Industry Data Security Standards (PCI DSS).
- Real Estate. Legal & Corporate, Manufacturing, Tech & Cloud Providers. Varies by industry served and state
Trusted suppliers are essential for data privacy management
No matter the industry or location, look for vendors who satisfy the requirements of the project, the industry, any and all regulations and corporate policies. The results forge lasting business relationships with the confidence that your data and asset management programs are executed at the highest level.
Additional resources to help you stay ahead of data security and privacy challenges:
- 12 new state privacy and security laws explained: Is your business ready?
- State Laws Related to Digital Privacy
- US Federal Privacy Legislation Tracker
- US State Privacy Legislation Tracker
- These states are on track to pass data privacy laws this year
- Data Disposal Laws (by state)
- 15 essential factors for IT asset management and data destruction
As a channel partner to VARs, ITADs, MSPs and resellers, Guardian’s services reduce risk, cost and overhead while shouldering the burden of compliance, industry know-how and logistics. If you have a data security or data destruction conundrum, talk to us. We know the regulations and work with IT asset management process and programs to solve problems, provide all documentation and ensure that your reputation sparkles.