A federal consumer privacy law has been on and off and back on the table for years now.
And the idea of a national one has garnered renewed attention recently as California passed comprehensive and strict consumer privacy legislation in 2018, the same year that the European Union implemented its stringent General Data Protection Regulation (GDPR). There are a handful of other states with strict privacy laws – New York and Massachusetts, for example.
Consumer privacy laws generally focus on the protection of consumers’ personal information through limits on the use of that information and security requirements for how that information must be stored. Businesses have to follow privacy laws that pertain to wherever they do business and have customers.
A federal privacy law could raise the bar for companies in many states and provide some consistency through the country. One hurdle to passing such a law, however, is disagreement on whether states like California should still be able to opt for more consumer protections than a federal law would offer.
But it doesn’t matter where you do business or your customers live. Not really. The giant takeaway here is that privacy isn’t an issue that is going away anytime soon or anytime at all. I find a lot of business take this attitude of, “It’s not my problem. I’m just in North Carolina and all of my customers are in North Carolina.”
That way of thinking could cost you. Your business. Your reputation. Or at least some hefty legal fees.
One thing I often tell my clients:
“Forget about doing the bare minimum to comply with privacy laws. If someone is going to sue you for negligence for releasing their information, and you don’t have great protections in place or any protections in place, the standard that you will be judged on is what a reasonable business would have done. And if what you did to safeguard was nothing, you are going to be in trouble.”
Consumer privacy is something every business needs to be concerned about. Not ever company needs to have big bank level security, of course. But making sure you have the right privacy protocols and safeguards in place should be a priority – no matter if there is a federal consumer privacy law. To ignore matters of consumer privacy is an operations risk and a public relations risk, both of which can sink your business pretty quick.
Bottom line: Consumer privacy is a big deal and always will be.
Is your business prepared?