Data is the currency of this generation. Nowhere is this truth more evident than in the fact that countries all over the world are instituting data protection laws to prevent unsolicited disclosure or misuse of information about individuals. While incremental progress was made on data protection in the new millennium, it was the European Union’s General Data Protection Regulation (GDPR) in 2018 that proved a significant event in the history of data protection laws in the world.
Most of the legislation around data protection is derived from the following universal principles for privacy and protection of consumer and citizen data, developed by Willis H. Ware in a report in 1973:
- For all data collected there should be a stated purpose
- Information collected from an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual
- Records kept on an individual should be accurate and up to date
- There should be mechanisms for individuals to review data about them, to ensure accuracy
- Data should be deleted when it is no longer needed for the stated purpose
Here are some of the most well-known data protection laws that different countries have instituted or are in the process of establishing:
General Data Protection Regulation (GDPR) – European Union
The General Data Protection Regulation (GDPR) is a significant, wide-ranging piece of legislation, passed by the European Union (EU), which came into effect in 2018. GDPR updated the rules and regulations around data privacy for EU citizens while increasing its territorial scope, establishing stiff penalties for misuse and formulating data consent. It is a detailed piece of legislation with many different stipulations, which can be checked in detail on this link. A breach of GDPR regulations could invite sanctions, ranging from a warning for a first-time, non-intentional violation to fines of up to a massive 20 million Euros or 4% of the annual turnover of an organization, whichever is higher.
Personal Data Protection Bill – India
While not a law as yet, India’s Personal Data Protection Bill, which is currently in the draft stage, may be passed as early as winter this year. The Srikrishna Committee, a 10-member expert committee headed by former Supreme Court judge B.N Srikrishna and appointed by the Indian government in August 2017 to ‘identify key data protection’ issues, submitted a report and a draft bill providing a legal framework for data privacy in the country in July 2018. When passed, this legislation will have jurisdiction over any data processed in India and calls for various mechanisms like a Data Protection Authority (DPA) and categorization of data fiduciaries on different lines.
Protection of Personal Information Act – South Africa
The Protection of Personal Information (POPI) Act was passed in South Africa in 2013 and will soon come into effect in the entire country. The act intends to regulate how South African businesses collect, store, process and share personal information. The act outlines its definition of ‘personal information’, and businesses have to classify what information they collect about data subjects. The penalty for non-compliance could involve imprisonment for a period of up to 10 years or a fine of up to R10 million (rand), or in some cases, both.
Various laws – United States
While the United States does not have any overarching data protection laws, there are still various specific laws pertaining to different industries, such as:
- Health Industry Portability and Accountability Act (HIPAA) – A regulatory compliance requirement for the healthcare industry which ensures safeguards are provided for patient information.
- Payment Card Industry Security Council’s Data Security Standards (PCI DSS) – These are security standards which are required to be followed by all retail organizations that use card payment methods.
- Children’s Online Privacy Protection Act (COPPA) – A US federal law that regulates the usage of personal information of children under the age of 13 in the country.
The above are just a few examples, and various sectors in the US have to comply with regulations pertaining to their industry.
Seqrite helps organizations keep up with the compliance requirements by offering robust security products and solutions for all industries. Seqrite’s Endpoint Security and Unified Threat Management solutions ensure that both data and assets are kept under strict vigil so that compliance is strictly adhered to.