With 5 new state laws passed and 3 laws coming into effect July 1, American data privacy is--slowly--catching up to Europe
View in browser

Data Privacy Happenings πŸ“°

Hello from MineOS's monthly newsletter, The Privacy Mindset! πŸ‘‹

 

The GDPR is now over 5 years old, giving it a substantial head start over the vast majority of data privacy regulations within the United States, but with the EU largely concerned with the complex process of enforcing such a landmark regulation in the years since its passage, the U.S. has slowly been passing more and more data privacy laws.

 

That doesn't mean the U.S. has gotten its act together on the topic, far from it. Europe continues to tell its younger ally that the framework for data transfers between the two economies must be stronger for the EU board to deem it adequate, creating issues as the discussions drag on without resolution.

 

But stateside, the wheels are finally turning, and in 2023, they've picked up speed. So far this year, 5 states (Iowa, Indiana, Tennessee, Montana, and Texas) have passed comprehensive data privacy laws, and a few more seem likely to pass before the year ends. Likewise, Washington just passed a sweeping new data privacy bill for healthcare data (more on that in a section below).

 

July 1, 2023 also marks a key date for U.S. data privacy, as California's CPRA, Colorado's CPA, and Connecticut's CTDPA all officially become effective. Suffice to say, a lot is happening.

 

That's not to detract from the GDPR, which is dropping 9- and 10-figure fines every month and of course set the basis for most of the bills in both the United States and abroad, but attitudes around the matter are in different (mostly positive) places. 

 

There is finally momentum on data privacy in America, and even if all these bills fail to match the full scope of the GDPR, the bevy of regulations makes it feel like the gap in how both sides of the Atlantic approach data might be closing. 

 

A large test in the coming year will be how these new American state-level laws adjust, as California famously passed sweeping progressive amendments to its own regulations within 24 months of its passing. Likewise, Connecticut just dropped a few major amendments to its law weeks before it goes live to increase protections for children's data and health data.

 

This precedent might actually work out well, getting the heavy lifting done first and hammering down details later, which is easier to do for a topic that has broad, bipartisan support like data privacy does. Either way, with more than a handful of laws finally on the books, America data protection is in a better spot relative to where it's previously been compared to the EU, which continues to be mired in fights with (often American) corporations and fighting hard battles over things like dark patterns. 

 

Europe has paved the way and continues to push forward with the plow, but its pace has slowed and countries like the U.S. have greatly benefitted from the set path. 

Product Spotlight πŸ”¦

Beyond pushing new and innovative features that make the MineOS platform the best data governance solution it can possibly be, we're always looking for good quality of life upgrades that make the day-to-day use of the platform easier.

 

We released several usability features in May, and one of the most convenient ones is the enhanced ability to export various elements and data from MineOS.

 

Historically users could export their data Inventory and newly-discovered data sources in Radar, but the platform's new option lets users export everything everywhere all at once! This includes lists like the above mentioned along with Unused Assets (like minimized systems or off-boarded employees), Processing Activities, and more.

Regulation Focus πŸ”¬

Washington's My Health My Data Act, Section 2.3

"With this act, the legislature intends to provide heightened 8 protections for Washingtonian's health data by: Requiring additional 9 disclosures and consumer consent regarding the collection, sharing, 10 and use of such information; empowering consumers with the right to 11 have their health data deleted; prohibiting the selling of consumer 12 health data without valid authorization signed by the consumer; and 13 making it unlawful to utilize a geofence around a facility that provides health care services."

 

Although Washington does not currently have a comprehensive data privacy law and is not poised to be one of the next few states to pass one, America's rainiest state made quite the splash this Spring with the passage of its My Health My Data Act (MHMDA).

 

Intended to fill the data privacy holes still standing from the federal HIPAA bill passed in 1996 and further strengthen data protection for health-related information, the bill has instead kicked up a round of conversation as to what actually constitutes a comprehensive data privacy regulation. 

 

MHMDA took years to pass, and its final form contains such generalized definitions (such as the excerpt above from the beginning of the bill) of what health data is and which organizations need to comply that many privacy professionals are treating it as a comprehensive bill.

 

This says nothing of the extensive list of data rights the bill gives Washingtonians, which nearly matches the rights newly passed state regulations like TIPA and ICDPA grant their own residents. 

 

One of the major takeaways of MHMDA is that privacy watchers--and organizations on the whole--need to pay closer attention to everything going on in the industry and in government. Even bills that sound sector-oriented could end up influencing the overall state of data privacy with the growing attention the sphere has captured.

Founder's Corner πŸŽ™οΈ

CEO & co-founder Gal Ringel

Q: As a CEO, inspiring workers is a big part of the job. What's your best advice for new hires?

 

A: If you've been hired for a job, the company is already putting faith in you and betting that you're a good fit for their culture, so have confidence in yourself! After all, success is a management of failures, so don't be afraid to take risks and experience failures. This is how we learn best!

 

Webinars & Events πŸ“…

Stay tuned and keep an eye on our social channels for announcements about our next summer webinars!

 

In the meantime, check out our most recent webinar with Data.AI's Risk & Compliance Analyst Taufiq Azam and our own VP of Customer Success Daniel Goldfeld as they explored practical tips and tricks for implementing a comprehensive data map.

 

Screenshot 2023-06-21 at 11.46.22 PM

We're always around

to talk data privacy.

Chat with us at press@saymine.com 

flybook

How did you like this month's issue?

Let us know

SayMine Technologies Ltd., 94 Igal Alon st., Alon 1, Tel Aviv, Israel, 6789155

Unsubscribe Manage preferences