Thursday, January 28, 2021
In honor of Data Privacy Day, we provide the following “Top 10 for 2021.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021.
COVID-19 privacy and security considerations.
During 2020, COVID-19 presented organizations large and small with new and unique data privacy and security considerations. Most organizations, particularly in their capacity as employers, needed to adopt COVID-19 screening and testing measures resulting in the collection of medical and other personal information from employees and others. This will continue in 2021 with the addition of vaccination programs. So, for 2021, ongoing vigilance will be needed to maintain the confidential and secure collection, storage, disclosure, and transmission of medical and COVID-19 related data that may now include tracking data related to vaccinations or the side effects of vaccines.
Sarbanes-Oxley Act (Sarbox, SOX)
Purpose: Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s. It is administered by the Securities and Exchange Commission, which publishes SOX rules and requirements defining audit requirements and the records businesses should store and for how long.
To whom it applies: US public company boards, management and public accounting firms.
Key points for CISOs: SOX places requirements around maintaining integrity and availability of financial data, and controls for who has access to that data. Specific rules need to be in place for:
How to Ensure Data Privacy and Organizational Security
Today-January 28
th-is known as Data Privacy Day (or, in the European Union, Data Protection Day) in the United States, Canada, Israel, and the 47 EU countries in which it is observed.
Privacy-especially data privacy-is vital. Many national constitutions-in fact, over 150 of them-mention the right to privacy. It s also been mentioned in the United Nations Universal Declaration of Human Rights, and is protected under the European Convention on Human Rights. There have been a number of privacy regulations enacted in many countries, regions, and states, including the EU s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
To embed, copy and paste the code into your website or blog:
While Data Privacy Day brings renewed awareness one day each year to privacy and cybersecurity, privacy compliance must be integrated into your business processes 365 days a year. As the landscape continues to change, evidenced by recent bills in New York and Washington state, 2021 may prove to be the year when responsibility for protecting personal information and honoring consumer rights starts to go nationwide.
On this Data Privacy Day, in the wake of 2020’s major data breaches and legislative movement, this alert highlights some changes to privacy law on the horizon as well as an upcoming web event hosted by Carlton Fields’ Cybersecurity and Privacy Practice regarding changes to California’s privacy law landscape.