Overview of Data Privacy

What is Data Privacy?


Data privacy refers to the protection and proper, safe handling of personal information collected by organizations. Governments, businesses, organizations, and consumers each play critical roles in data privacy and ethical practices. Data privacy is considered a fundamental right, crucial for a free society. Breaches can lead to misuse of data, significant financial losses, and eroded trust. The need to update and disseminate safe practices and strategies surrounding data privacy has become increasingly important in our complex, intertwined society. Common types of data collected and covered by data privacy include, but are not limited to, social security numbers, credit card numbers, health records, financial information, behavioral habits, and biometric data.


Current Legislation

From ATP Global


The California Consumer Privacy Act (CCPA), enacted in 2018 and effective as of January 2020, seeks to enhance data privacy rights for California residents. Considered one of the strictest privacy laws in the US, the law requires for-profit entities to provide consumers with the right to know and request the categories and specific pieces of personal data collected, the right to delete their personal data, and the right to opt out of having their information sold to third parties. This law serves as an example of changing, more stringent government intervention regarding consumer data privacy.

Deepika Singh @ Medium


The General Data Protection Regulation (GDPR) is a comprehensive data protection law implemented by the European Union in May 2018, seeking to strengthen and unify data protection for individuals in the EU. Key points of the legislation include requiring organizations to process personal data lawfully and transparently, offering individuals the right to access, rectify, and erase their data, mandating that organizations obtain clear and explicit consent from individuals to process their data, and codifying that organizations must report data breaches to affected individuals at high risk. At the time it was implemented, the GDPR was one of the most inclusive and explicit data privacy regulations.

Common Threats to Data Privacy

Kevin Gallagher @ Endpoint Protector


A key threat to data privacy is phishing, in which a malicious third party poses as a verified entity to trick individuals into revealing sensitive information. Other, less explicit threats include malware and ransomware, which target computer systems to steal sensitive information; insider threats, where employees within a company have access to and misuse personal information; and a lack of infrastructure, where weak passwords, misunderstood software, or limited encryption leave systems vulnerable to attack. As highlighted throughout this website, consumers, corporations, and governments all play a role in preventing data privacy breaches and in the success of data privacy efforts.

Key Timeline

Most consumers are unaware of the legislation and key events associated with data privacy. First, take a look at the titles below. How many of these laws/events had you heard of before?

From DataGrail
1970 - Hesse First Law

The German state of Hesse passes the world's first data privacy law, aimed at regulating the use of automated data processing

From OECD
1980 - OECD Data Guidelines

The Organization for Economic Cooperation and Development publishes guidelines on data protection, emphasizing limitation where possible and purpose specification

Larisa Cocis @ Endpoint Protector
1995 - EU Protection Directive

The European Union establishes the Data Protection Directive, setting standards for data privacy and requiring member states to implement their laws

From TermsFeed
2003 - California Notification Law

California implements SB 1386, the first state law requiring businesses to notify residents in the event of a data breach

From The Guardian
2013 - Snowden Revelations

Edward Snowden leaks classified documents revealing widespread data collection by the NSA, prompting a global consumer conversation around data privacy

From RiskQ
2018 - GDPR and CCPA

Much wider, more comprehensive legislation is released by the EU and California regarding residents' rights


Source: National Library of Medicine