Without a doubt, data privacy will be a much bigger focus for small- and medium-sized businesses in 2023, as the U.S. states of California, Colorado, Connecticut, Utah, and Virginia all enact stricter privacy legislation. Similarly, the Canadian province of Quebec is also in the process of updating its data privacy laws.
1. You Need to Conform with New and Changing Regulations
2. Government Entities Will Become More Vigilant About Potential Violations
Many financial analysts predict that global economic growth will slow in 2023. With that in mind, we can anticipate that government entities will become much more proactive in assessing fines for violations of data privacy regulations.
For example, the California Attorney General’s office announced in August 2022 that cosmetics retailer Sephora would pay $1.2 million in fines as a result of its California Consumer Privacy Act (CCPA) violations. Specifically, the State of California determined that Sephora did not tell customers it was selling their personal data, neglected to process requests from users who opted out of the sale of their data, and failed to resolve its CCPA violations within the 30-day time period required by the law.
3. It’s a Consumer-Friendly Business Practice
This is especially important if your company does business with consumers who are minors. For example, the Children’s Online Privacy Protection Act (COPPA) requires an “operator” to obtain verifiable parental consent before personal information is collected, used, or disclosed from children under the age of 13. Specifically, Part 312.5 of COPPA requires consent to any material change in the collection, use, or disclosure practices to which the parent had previously consented. The new or changing state regulations referred to above can contain special data privacy requirements that pertain to minors as well.
Recently, the U.S. Federal Trade Commission (FTC) announced that video gaming firm Epic Games will pay $275 million to the U.S. government to resolve claims that it violated the COPPA by gathering the personal information of children under the age of 13, without receiving their parents’ verifiable consent. According to the FTC, it is the largest fine the agency has ever imposed for a regulation that it enforces.
4. Mergers, Acquisitions, and Entry into New Business Markets May Have Resulted in Obsolete Policies
Take Action Now
Get started with Egnyte today
Explore our unified solution for file sharing, collaboration and data governance.
LATEST PRODUCT ARTICLES
Don’t miss an update
Subscribe today to our newsletter to get all the updates right in your inbox.