Extract from Tim Rollins’s article “The Privacy Compliance Trifecta: The Easiest Way to Meet Your Privacy Obligations”
News happens fast in the world of privacy. Every day, it seems that a European regulator, data protection authority, or judicial committee issues new regulations, an enforcement action, or guidance for businesses. In the United States, federal regulatory agencies have stepped up their enforcement of existing laws. 2023 alone will see three comprehensive state privacy laws go into effect, and five states have passed laws before summer. For privacy professionals, it’s a full-time job just keeping up with the news!
But what’s happening behind the headlines is just as—if not more—important. Consumer attitudes have changed seismically. People are no longer content to allow organizations to collect their data and then use it to sell more goods and services back to them. Goli Mondavi, Counsel at Bryan Cave Leighton Paisner, LLP, explains, “We’re seeing a real cultural shift in the way people think about their personal data. There’s no longer this willingness to share personal data in exchange for free digital services.”
This confluence of legal, regulatory, and market forces is forcing businesses, and in particular their legal departments, to rethink how they collect, retain, process, use, and ultimately dispose of consumer data. It is no longer feasible for organizations to try to comply with this complex patchwork of regulations, especially when some are based on geography and others on industry, data types, and data subjects. They must design and implement a privacy program based on fundamental principles: the Compliance Trifecta.