Winner of ILTA's Solution Provider of the Year for the Premier Learning Program
Let's Talk

The Evolving Landscape of Data Privacy: A Mandate for All

Looking for a specific topic?
Who We Are
Leading through learning.
We believe that a culture of learning ensures every individual has an opportunity to grow and flourish. Join us and unlock your firm’s full potential.
Learn About Us
Join our Community
Subscribe to receive our latest news, product updates and promotions.
Sign Me Up
  • Data Security

Data Privacy used to be that “bolt-on” topic added to the far more enticing conversations around cyber and information security. Protecting information from the bad guys was far more interesting than protecting information because it was “required.” However, the topic of data privacy has now captivated discussions among leaders of organizations. It is a mandate that is now reaching everyone and demands our attention.

From the European Union’s GDPR mandate that had global reach to the growing list of states in the US that have enacted data privacy laws, it is a topic that must be a part of the education and direction given to all employees.

Current State of Data Privacy Laws

As of now, 20 states in the US have enacted comprehensive data privacy laws[1]. These state laws have set the precedent for others to follow. The momentum for comprehensive privacy bills is at an all-time high, with several more states expected to implement similar laws in the near future[2].

Foundational Principles of Data Privacy

Understanding data privacy begins with recognizing its core principles:

  1. Lawfulness, Fairness, and Transparency: Data must be processed lawfully, fairly, and in a transparent manner.
  2. Purpose Limitation: Data should be collected for specified, explicit, and legitimate purposes.
  3. Data Minimization: Only data that is necessary for the purposes should be collected.
  4. Accuracy: Data must be accurate and kept up to date.
  5. Storage Limitation: Data should be kept in a form that permits identification of data subjects for no longer than necessary.
  6. Integrity and Confidentiality: Data must be processed in a manner that ensures appropriate security.
  7. Accountability: Organizations must be able to demonstrate compliance with these principles[3].
What Everyone Should Know

Data privacy is not just a legal requirement but a fundamental right. Everyone should be aware of the following:

  • Consent: Individuals must give explicit consent for their data to be collected and used.
  • Transparency: Organizations must be transparent about how they collect, use, and share data.
  • Security: Protecting data from unauthorized access and breaches is crucial.
  • Rights: Individuals have the right to access, correct, and delete their data[4].
What Everyone Should Do

To ensure compliance and protect data privacy, organizations and individuals should:

  • Educate: Regularly train employees on data privacy principles and practices.
  • Implement Policies: Establish clear data privacy policies and procedures.
  • Use Technology: Employ data protection technologies and practices.
  • Monitor and Audit: Continuously monitor and audit data practices to ensure compliance[5].
Conclusion

Data privacy is no longer an afterthought but a critical component of organizational strategy. As laws evolve and the importance of data privacy grows, it is imperative for all employees to be educated and vigilant. By understanding and implementing the foundational principles of data privacy, organizations can protect themselves and their clients, ensuring trust and compliance in an increasingly data-driven world.

[1]: Bloomberg Law [2]: National Law Review [3]: IBM [4]: Harvard Business Review [5]: Pew Research Center

References
[1] US State Privacy Legislation Tracker – International Association of …
[2] Which States Have Consumer Data Privacy Laws? – Bloomberg Law
[3] What are the US States with Data Privacy Laws? | DataGrail
[4] The State of Consumer Data Privacy Laws in the US (And Why It Matters)
[5] Key findings about Americans and data privacy – Pew Research Center

About the Author
About the Author

Kenny Leckie

Senior Technology & Change
Management Consultant

In his role as Senior Technology and Change Management Consultant, Kenny provides thought leadership and consulting to the legal community in areas of information security/cybersecurity awareness, change management, user adoption, adult learning, employee engagement, professional development, and business strategy. He also works with clients to develop and deploy customized programs with an emphasis on user adoption and increased return on investment. Kenny is a Prosci Certified Change Practitioner, a Certified Technical Trainer and has earned the trust of firms across the US, Canada, The UK, Europe and Australia.

Kenny has more than thirty years of combined experience as a law firm Chief Information Officer, Manager of Support & Training, and now consultant providing him with a unique point of view and understanding of the challenges of introducing change in law firms. He combines his years of experience with a strategic approach to help clients implement programs that allows focus on the business while minimizing risk to confidential, protected, and sensitive information. Kenny is an author and speaker and a winner of ILTA’s 2018 Innovative Consultant of the Year.