Extract from Doug Austin’s article “Identifying and Protecting Data Within Your Organization is a Moving Target”
Organizations have a lot to contend with regarding their data these days. Data is more sensitive than ever, due to ever-changing data privacy laws. Yet, it’s also under siege more than ever with an increasing number of cyberattacks every year.
But perhaps the biggest challenge is that identifying and protecting that sensitive data is a moving target. Why? Because data doesn’t stand still.
Stakes are Higher Than Ever for Protecting Sensitive Data
Since the General Data Protection Regulation (GDPR) went into effect in May 2018, the stakes for protecting personal data have grown considerably. Add to that US state laws in California, with the California Consumer Privacy Act (CCPA) and its replacement the California Privacy Rights Act (CPRA), Virginia’s Consumer Data Protection Act (CDPA), the Colorado Privacy Act (CPA) and the Utah Consumer Privacy Act (UCPA) (which was just signed last week).
While there are similarities between the various state laws to date, there are differences between each as well. All the state laws except the CCPA have been signed into law in the past 18 months. With 46 states still without a comprehensive data privacy law, expect to see many more state laws passed in the next few years (absent a federal law).