Data privacy is a branch of data security that covers the handling of data notice, consent, and regulatory obligations. Data privacy laws regulate how personal data is collected and stored. They impose restrictions on the use of data, such as how it is shared with third parties.
The effect of recent GDPR legislation passed under EU law, as well as examining increasingly stringent US laws governing the use of personal data require exploration with experts.
The EU’s General Data Protection Regulation (GDPR)
Enacted throughout the European Union through a formal process that began in 2018, GDPR proved a powerful influence on privacy laws adopted around the world throughout 2019.
From Australia to Brazil and Argentina, countries have implemented data privacy laws closely aligned with GDPR in recent months. Meanwhile, multinational corporations such as Marriott and British Airways have been hit with multi-million-pound fines for breaches of the new regulations.
US Data Privacy Laws
In the United States, legislators have debated the issue of data usage. The Congressional Task Force on Financial Technologies announced in November 2019 that neither Republican nor Democratic members were satisfied with current US legislation governing financial data practices.
New York, New Jersey, and Massachusetts were among several state legislatures that announced plans to develop their own state privacy regulations. The move sparked concerns that United States data privacy laws could become a disjointed patchwork, with each state fixed primarily on its own privacy requirements.
California was the first US state to adopt its own regulatory framework, with the passing of the California Consumer Privacy Act.
Jarno Vanto is a partner in law firm Crowell & Moring’s Privacy & Cybersecurity Group. He warns that, since the California Consumer Privacy Act only came into force at the beginning of 2020, it will be some time yet for these new regulations to become operational and yield lessons for federal regulators.
US Legal Obligations for Encryption of Personal Data
Data protection laws in the United States are state-specific as well as sector-specific. The majority of US states have their own data breach notification laws.
Established in 1914, the Federal Trade Commission (FTC) protects American consumers against deceptive, anticompetitive, and unfair business practices. The organisation ensures American organizations implement adequate encryption processes to protect consumer data.
Under recent interpretations of the FTC Act, cases have been brought against several well-known US organisations for data breaches that compromised the personal data of millions of American citizens.
Lilin Sun, CEO and founder of PlatON, a cryptographic computing network, explains that innovative technologies such as the Internet of Things, blockchain, artificial intelligence, big data, and cloud computing have led to the effective reorganization of data, meaning that many more data scandals are expected to emerge in the future.
How Can Cryptography Protect Data?
‘Crypt’ comes from the prefix meaning ‘hidden’, while ‘graphy’ means ‘writing’. Cryptography essentially encrypts and decrypts data, meaning that it can be sent from one party to another securely. Even if the message is intercepted, cryptography renders it tamper proof.
Cryptography protects confidentiality, maintains integrity, confirms authenticity and ensures non-repudiation. The origins of the term date back to the reign of Julius Caesar, but in its present context, cryptology is the battleground of some of today’s leading computer scientists and mathematicians.
About Domen Zavrl
With cryptography qualifications from Stanford, as well as a PhD in Applied Macroeconomics and a second PhD in System Dynamics, Domen Zavrl has specialist knowledge of collateral exchange, business brokerage and securitizations. Mr Zavrl is a member of the Institute of Internal Auditors and has worked with several prestigious companies throughout his career, including Enpetro and Framingham Asset Management.