- Last year, Virginia passed the Consumer Data Privacy Act (CDPA), and Colorado passed the Colorado Privacy Act (CPA). Likewise, California recently amended the California Consumer Privacy Act (CCPA) and passed the California Privacy Rights Act (CPRA).
- A key change included in recent laws requires companies to practice data minimization—only collecting necessary data. Practicing data minimization empowers companies to use privacy as a profit center by saving operating expenses like storage. Also, reducing the amount of data on hand eliminates potential legal risks if there happens to be a data breach.
- To be ready for the full effect of these privacy laws in 2023, companies should use 2022 to identify the data they have collected to comply with the new regulations. You can view a full comparison between the CCPA, CPRA, CDPA, and CPA here.
- Additionally, keep a look out for Maryland, Oklahoma, Ohio, New Jersey, Florida, and Alaska to pass privacy legislation in 2022.
- India’s Data Protection Bill (DPB) is expected to be signed into law in 2022. Though there is no formal implementation date, companies doing business in India will need to be prepared for additional compliance measures over the next year or two.
- Experts recommend companies form an effective compliance strategy. You can find a guide to the DPB here.
- As early as February 2022, the Personal Data Protection Act (PDPA) financial penalties could be raised for breaches of prohibitions and data protection provisions. You can find a compliance guide here.
- This year, expect increased enforcement of the General Data Protection Regulation (GDPR), especially pertaining to children’s data, health and financial information, and digital marketing.
- New legislation affecting digital services and platforms, online marketing, third-party data providers, and cross-border data transfers is expected to become law.
- China’s new privacy law, Personal Information Protection Law (PIPL), took effect in November 2021 and presents new compliance means for companies.
- PIPL’s global reach applies to any company that processes personal data while providing a service or product to Chinese residents.
About Ardent Privacy
Ardent Privacy is an “Enterprise Data Minimization and Privacy Technology” solutions provider based in the Maryland/DC region of the United States and Pune, India. Ardent harnesses the power of AI to enable companies with comprehensive data management and automated compliance with PDPB (India), RBI Security Guidelines, GDPR (EU), CCPA/CPRA (California), and other global regulations by taking a data-driven approach. Ardent Privacy’s solution utilizes machine learning and artificial intelligence to identify, inventory, map, minimize, and securely delete data in enterprises to reduce legal and financial liability.
Ardent Privacy articles should not be considered as legal advice on data privacy regulations or any specific facts or circumstances. This article is written to express the opinion of the writer and nothing else.