Effective data security is standard for any modern data-driven business or agency. But as data breaches, compliance laws, and customer awareness continue to increase, the spotlight on data privacy is brighter than ever before.
Our most recent Immuta Unlocked Newsletter highlights the growing importance of effective data privacy measures for modern organizations, and provides insights into how they can scale with growing privacy needs.
Here is a roundup of the privacy-centric stories we followed in January:
The Influence of Dutch GDPR Enforcement
Article: How the Netherlands Is Taming Big Tech (The New York Times)
The General Data Protection Regulation (GDPR) set the standard for modern data privacy and security laws after its inception in 2016. Its regulations are well known across industries, laying the groundwork for a multitude of national, international, and federal regulations in the years since. However, this does not mean that organizations are maintaining GDPR compliance as effectively as they could be.
The specificity of Dutch GDPR application, in both adherence to regulatory guidelines and the use of additional technical and legal assessments, demonstrates a rigorous standard that can bolster the privacy efforts of any data-fueled organization. The stringent nature of Dutch compliance is starting to become an example for how many tech giants approach data privacy. Companies like Microsoft, Google, and Zoom have already demonstrated the Dutch impact on Big Tech through their own privacy assessments. Whether it be GDPR or any other compliance laws and regulations, there is no question that privacy-enhancing expectations will play a significant role in the future of secure data use.
A Shift in U.S. Data Privacy Laws for 2023
Article: U.S. data privacy laws to enter new era in 2023 (Reuters)
The United States is no stranger to state-level data privacy laws and regulations. Inspired by GDPR, the California Consumer Privacy Act (CCPA) was enacted in 2018 to protect the privacy rights of those who lived in the state. While CCPA was a state-specific regulation, it still applied to any organization processing California residents’ data, no matter where that company was based. Since CCPA, a collection of other states have created similar laws to protect their own citizens’ privacy. For one, California updated its CCPA requirements by passing the California Privacy Rights Act (CPRA). Other state regulations include the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Utah Consumer Privacy Act (UCPA), and more.
What these acts all have in common is their transition from a prevention-based approach to a rights-based one. Rather than simply attempting to prevent harm, these regulations provide citizens with rights to actively affect how their personal data is being used. These rights, including those to access, correct, transfer, or erase their data, are likely to ensure that personal autonomy is reflected in future state-level legislation across the United States. And with more rights accorded to the citizens of these states, there will need to be more intentional privacy standards and practices across the board.
Large-Scale Data Breaches Are Still Rampant
Article: T-Mobile says hacker accessed personal data of 37 million customers (TechCrunch)
On January 19, T-Mobile disclosed a data breach that allowed hackers to access the personal information of roughly 37 million of its customers worldwide. In its disclosure to the SEC, the telecom corporation shared that this breach was carried out through an application programming interface (API), and had been exploited for over a month, starting in late November. The data accessed by the hackers included information such as customer names, addresses, phone numbers, emails, birthdates, account numbers, and more.
This is the fifth major data breach T-Mobile has experienced in just as many years. It serves as a reminder that regardless of size and past experience, all organizations must remain vigilant with their data privacy and security practices. When dynamic security measures are paired with proactive privacy applications, threats can be met head on with inherently less risk to customer privacy.
Fortnite Developer Served Major Privacy Fines
Article: Fortnite Maker Epic Games Hit With $520 Million in Fines, in Part for COPPA Violations (CPO Magazine)
Epic Games, the studio behind Fortnite, has been no stranger to legal troubles during its ascension in the video game space. Amidst continued legal battles with Apple over its own Fortnite application, the studio was hit with a major monetary fine for neglecting to comply with child privacy legislation. The FTC announced it would be fining Epic Games $520 million for a variety of privacy-related issues, including direct violations of the Children’s Online Privacy Protection Act (COPPA).
The fines directly related to COPPA totaled $275 million, and were tied to the ways in which Fortnite’s default settings affected the children regularly playing the game. These included automatically matching players under 13 with adults in game lobbies, directing marketing campaigns at children to encourage in-game purchases, and collecting and storing the children’s personal information. Organizations that knowingly flout privacy regulations like COPPA can expect similar fines from governing bodies. Data privacy is only becoming more widely expected, and proactive compliance can help companies to avoid these costly violations.
Keeping Up with Key Stories
Showcasing the evolving application of privacy regulations and the consequences of not adhering to them, January’s Key Stories serve to reinforce just how essential data privacy practices are for today’s organizations.
To stay up-to-date on the latest in data security and beyond, subscribe to the Immuta Unlocked Newsletter today. Each month, we include Key Stories in the newsletter to provide you with access to the latest news in data.
We’ll see you next month!