In this Payments on Fire® George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.
Privacy.
It’s a huge issue. Many of us are concerned as individuals with how our personal data – our personally identifiable information or PII – is shared by social media and throughout today’s massive data ecosystem without our knowledge or without our case by case granting of permission.
As a result of those concerns, various jurisdictions around the work have enacted privacy-focused legislation that has teeth. The EU’s General Data Privacy Regulation (GDPR) focuses on data protection and privacy where consent for PII is required. It also addresses data domicility, where the data about an EU system must reside. GDPR applies to entities doing business in Europe – i.e. it applies to thousands of US companies.
In the US, one of the leading regulatory steps is on the ballot this year in California. Its proposed data privacy regulation, the California Consumer Privacy Act (CCPA), would provide for:
* The right to know about the personal information a business collects about them and how it is used and shared;
* The right to delete personal information collected from them (with some exceptions);
* The right to opt-out of the sale of their personal information; and
* The right to non-discrimination for exercising their CCPA rights.
Any business doing business in CA will be affected by the CCPA, including data brokers.
These regulations are an attempt to return a measure of control to individuals over the sea of personal data that makes it possible, for instance, for an entity to correlate the data of a handful of payment transactions to identify an individual with high confidence.
The ramifications of these regulations are many. In this podcast, we hear of how a Midwest bank, that does not business itself in the EU, became subject to GDPR regulations because of the activities of one of its clients.
We are living in a world where the social implications of wide data sharing are obvious.
What’s not so clear are the business ramifications of privacy regulations and the data custodianship they demand.
In this Payments on Fire® George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.
We are at the beginning of a decades long evolution of how privacy is supported and data is managed. Shaping that path will be regulations, the decisions reached through multiple lawsuits, and the response by technology and data providers.