What’s New in Data Protection Legislation?
There is a steadily growing awareness among C-Suites and small business owners (SBOs) about privacy laws and the legal requirements of storing and disposing of confidential information, according to the 2016 State of the Industry Report by Shred-it.
While SBOs still need to step up their compliance practices, “the level of awareness has increased over last year and is at the highest level since tracking began.”
Trouble is, data protection legislation is a moving target.
Regulators are under pressure to ensure that legislation protects and safeguards privacy and personal information of citizens, said the report. That means legislation is constantly evolving.
The State of the Industry report provided details.
In April 2016, the U.S. House of Representatives unanimously approved the Email Privacy Act (a reform of the 1986 Electronic Communications Privacy Act). The act will require law enforcement authorities to get a search warrant before asking technology companies to provide emails or other digital communications.
The European Commission approved the EU/US Privacy Shield Framework. It protects fundamental rights of citizens in the EU whose personal data is transferred to the United States.
Earlier this year, 16 U.S. states, collectively referred to as ‘Take CTRL’, introduced bills to advance various privacy issues, everything from student and employee privacy to new police surveillance techniques and cloud storage.
In Canada, the Privacy Act is currently under review. The government wants to make sure that mobile health devices and technologies that collect and store personal information comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).
In the U.K., there are questions about the coming EU General Data Protection Regulation. “We will be discussing with Government the implications of the referendum result and its impact on data protection reform in the UK,” according to a statement from the Information Commissioner's Office (ICO).
What can companies do to remain in compliance and up-to-date with evolving privacy legislation?
- Have information security policies for the on- and off-site workplace.
- Monitor the websites of the applicable international data protection regulators, as the expert advice in the State of the Industry Report recommends. “Be on the lookout for new guidelines and policies or any new enforcement decisions.”
- Regulate access to confidential information. Employees should have access only to information they need to do their jobs.
- Provide appropriate technological safeguards – for example, ‘compartmentalizing’ applications on mobile devices, firewalls, anti-malware software, and encryption technology.
- Physically protect information. Implement a Clean Desk Policy.
- Provide on-going training to encourage secure work habits and familiarize employees with policies and procedures.
- Regularly review what personal information is collected, how it is used, and how long it is retained. Limit the amount and type of personal information collected to what is necessary. Securely destroy confidential information when it is no longer needed. Introduce a Shred-it All Policy.
- Partner with a third party that is committed to best practices in information security. Think beyond storage of hard drives. Leverage third-party expertise to regularly destroy outdated hardware and e-media.
Learn how to protect confidential information in your workplace from creation to disposal – for information security and privacy legislation compliance.