Legal Matters

Businesses Prepare for Data Privacy Laws

As we head into the last months of 2023, it is difficult to overstate the data privacy transformations the United States and other global governments are experiencing. This was best observed over the summer when the European Union reached a new agreement with the U.S. over the regulation of the personal data of EU citizens collected by American companies. This move was motivated by the E.U.’s robust track record of protecting personal privacy; the U.S., by contrast, does not have comprehensive federal data privacy protections. Instead, it is up to individual states to pass their own legislation.

However, the steps taken by local and national governments to guard personal privacy has not been reflected through company operations. Despite the fact that cybersecurity is “the number one data privacy concern for global businesses,” recent polling suggests that only half of executives feel “very prepared” to meet data privacy regulations. This investigation also revealed that U.K. executives feel better equipped to meet the new changes, revealing a disconnect between U.S. executives and the coming laws. This may be due to the culture of privacy protection in the European Union, but nevertheless these protection shortcomings affect organization on both sides of the pond.

Closer inspection reveals further issues. Only 34% of the respondents in Womble’s survey have conducted data mapping and understand data practices at their organization. That means that even those who feel equipped to meet the requirements of data privacy laws may be overstating their expertise. The fundamental issue here is that many employees and executives do not understand the data held within their organization and so are unable to effectively protect it.

The takeaway for consumers is that we cannot trust organizations to be as vigilant about our data as we are. Consequently, we need to employ as many protections as possible, such as software protections that guard against bad actors. Make sure you stay informed on organizational privacy track records (e.g., Meta and its subsidiaries) and decide whether you want to prioritize working with companies who have a demonstrated commitment to protecting your information from breaches.