PrivacyRisk and ComplianceSecurity

The Top Four Data Privacy Trends to Watch in 2020 – Part 1

Pam Kamath
March 9, 2020
5 min read

This two-part series takes a detailed look at what’s ahead this year in data privacy, including trends around the world and what next steps should be taken to stay ahead of the ever-changing privacy landscapeTo learn more about how we can support your organization, visit our data privacy consulting page.

Data, often considered to be the “oil of the digital world,” is now considered the most important asset and lifeblood of today’s digital economy. We are only creating more of it and now, more than ever, significantly rely on digital technology to run our businesses. With each passing year, the magnitude and cost of data breaches exceed the year before, leading to a shift in how consumers view their data and expect their data to be secured. In 2019 alone, breaches soared, with billions of consumer accounts exposed. As a result, we have seen an increasing number of data privacy regulations, with many more in the pipeline. Now, more than ever before, companies are expected to have the right safeguards in place for data they collect, process and share in order to earn consumer and employee trust in data security.

With this context in mind, we share the top data privacy trends affecting businesses, both domestically and across the globe.

Several data privacy laws on the way

The GDPR inspired the movement. Following the record penalties for Google and Marriott Hotel Group under the European Union’s General Data Protection Regulation (GDPR) (enacted in May 2019), California enacted the groundbreaking California Consumer Privacy Act (CCPA) act in January. Similar to the GDPR, under this state statute, California residents have data privacy rights to the access to, deletion of, and sharing or selling of personal information collected by businesses. Further regulations are on the way, both internationally and domestically. So, what exactly should businesses and consumers need to be prepared for?

  • Businesses need to be on the lookout for any relevant global, federal and state privacy or data protection laws in the pipeline and any rapidly evolving developments to those laws
  • Businesses must quickly establish and maintain consumer and employee trust that they are doing the right thing with information they collect
  • Businesses need to recognize that regulators and law enforcement are now enforcing data privacy requirements more than ever

On the global horizon we see:

Brazilian General Data Protection Law (LGPD) – This law is heavily inspired by the GDPR, is expected to take effect on August 15, 2020 and will be the largest data privacy law in Latin America. The LGPD is intended to replace fragmented legislation to create a unified law.

India – The long-awaited Personal Data Protection Bill, 2019 was introduced to the Indian Parliament in December 2019 and is currently being reviewed by a Joint Parliamentary Committee. We will likely see this bill progress through the Indian legislative process in 2020.

China – A Personal Information Protection Law and the Data Security Law have now been included in the legislative planning of the National People’s Congress (NPC) of the People’s Republic of China’s Standing Committee. The laws go through several rounds of drafts before finalized versions can emerge.

Others joining the global data privacy rush:

Indonesia – Indonesia is prioritizing the bill for the Personal Data Protection Act in their 2020 National Legislative Program, which is part of the Government’s data sovereignty roadmap.

Sri Lanka – Released the final draft of the Framework for the Proposed Personal Data Protection Bill in September 2019, which when ratified, will be implemented within three years from the date it is certified.

Other countries such as Japan, Malaysia, Hong Kong, Australia and more have rushed to make amendments to their existing privacy laws.

Privacy regulations in the U.S. are at an all-time high

From a business standpoint, it would be easier if there were a single federal statute like the EU GDPR. For now, however, businesses will need to be aware of differing state privacy laws, along with several data breach and biometrics laws which may also be applicable. The approach we often recommend is to leverage the most comprehensive privacy law (likely the GDPR or CCPA as fit) to develop a privacy program and governance, and to further layer in state variances as they are enacted.

Across the U.S., the patchwork of privacy bills is only getting more convoluted. In 2019, a number of proposed state privacy laws failed to move out of their house of origination in Nevada, New York, New Mexico and Hawaii. This effectively ends their entry into the 2020 legislative session.

In summary, 25 states, including Puerto Rico, have considered legislation on various aspects of consumer data, and all 50 states have their own laws about data breaches impacting personal information. The complex privacy landscape within the country creates enormous burden on businesses to navigate the complexity of these laws.

Tomorrow:  Part 2: What to Watch for in 2020 Data Privacy Trends

Pam Kamath

Associate Director
Technology Consulting – Security and Privacy

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
18 Apr

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More