If your organization does business in multiple states, you’ll need to make sure your data policies are compliant with several new state laws governing data privacy.
Strong data privacy laws take effect in 2020 in California and New York; Nevada’s took effect Oct. 1. Six additional states considered bills on the regulation of data privacy.
Congress also saw bipartisan support for a federal data privacy law, but none of the proposals advanced this term.
To deal with all these new state laws, follow a generally accepted standard, such as the National Institute of Standards and Technology’s framework (the NIST framework), in your data transmission, handling, storage, and destruction. Then, as each state where you do business enacts a new law, determine what additional steps, if any, you need to take.
Some areas where you may need a policy include meeting required breach notification deadlines and handling someone’s request for their data or for its removal from your possession.
A Risk Assessment can give you an overview of your organization’s current compliance posture. It also can help you devise an approach to increasing your organization’s compliance with data privacy laws, if needed.
If you are not sure whether your organization has appropriate data privacy policies in place, contact us for more information. We help firms get their ducks in a row for compliance and security. We also invite you to explore our IT Compliance Services page on this website.