People's concerns about protecting online information grow with each new data breach headline. And with the advancement of technology, there's a good chance people might not even know what information is collected from them, let alone how companies use it.
Data privacy is essentially the ability of an individual or business to decide who sees what information and data and what can be shared with third parties. Data privacy policies help protect said data and make sure information is only used for its intended purpose, so people can't just do whatever they want with your information.
Data and information privacy are considered the most crucial consumer issue today. An organization's data protection policy significantly impacts the level of trust people have in the company. From lack of customer trust to possible fines for breaking data privacy laws and requirements, data privacy is a complicated yet essential issue for all businesses.
In a world where technology is constantly advancing, it's up to you to keep up with shifting data privacy laws — and honestly, they can all seem a little confusing at first glance. Set aside your worries, though; we did the research for you.
General Data Protection Regulation (GDPR)
The European Union created and put into effect GDPR in 2018. It's an important law because it changed the global future of privacy laws.
“But this law was passed in Europe – why should we care about it?”
It’s an understandable question, but in truth, GDPR affects businesses worldwide. It applies to organizations, whether they operate inside or outside the EU, that offer their services to customers or other companies in the EU. Basically, every major business worldwide needs to be GDPR compliant.
GDPR outlines what businesses of any size can and can't do with collected information. The main thing it aims to protect is personal data, which in this case specifically means any information that can be used to identify you. People knowing your name or birthday might not seem important in the grand scheme of things, but add all those little bits about you together and you'll get a pretty clear picture.
Under GDPR, individuals have the right to:
- Provide informed consent;
- Access, restrict, and change their information; and
- Withdraw consent and request their data be destroyed at any time.
Canada's Anti-Spam Legislation (CASL)
We all hate spam — so the Canadian government decided to do something about it. Created in 2014, CASL outlines best practices around commercial digital marketing to combat spam issues. CASL applies to any commercial electronic message (CEM) sent from Canada or accessed by someone in Canada. A CEM is a message sent electronically to another electronic address (voicemail, email, etc.) where the purpose of the message is to promote a "commercial activity."
Under CASL, if you're sending a CEM, you need to comply with three main requirements:
- Obtain consent and be able to prove you have consent
- Provide identification by making the type of message and who is sending it clear
- Provide an unsubscribe option as part of the message
Quebec's Bill 64
The latest Canadian data privacy law is Bill 64, created in 2021 and specific to Quebec. This law aims to "modernize" the protection of people's data and will come into force on September 22, 2022. It applies to organizations in Quebec and any organizations collecting data from people in Quebec.
Bill 64 emphasizes an organization’s responsibilities when managing and protecting people's information. Bill 64 also has specific and strict rules on collecting, using, and disclosing collected data.
Under Bill 64, organizations must:
- Obtain meaningful informed consent by providing information in simple language (keyword: simple),
- Notify individuals how and where their data is being used, and
- Destroy data or get rid of identifying information once the goal of data collection has been achieved.
What can you take away from this?
There's a lot of information here, and we understand it might be overwhelming and hard to digest. In fact, that's precisely how you should feel after reading this — there's so much legislation surrounding data privacy and protecting personal information! As of January 2021, over 130 jurisdictions worldwide have data privacy laws, a number that will only increase. Who has time to sit there and read over 100 privacy laws? We sure don't. One of the best ways to protect your business and ensure you're compliant is to have a detailed privacy security policy and ensure your team has a legal team on its side — AKA someone whose job is to read over 100 privacy laws, so you don't have to.