Businesses face a host of challenges this year, from inflation to ongoing concerns with pay equality and supply chain security. These challenges will keep legal teams scrambling to stay abreast of changes in legislation and government regulations. And once again, privacy and cyber security hit the list of top business regulatory issues facing companies of all sizes.
Business legal teams know to expect common legal concerns such as legislation around worker pay and benefits, discrimination, and intellectual property. And 2023 will bring more of the same. About half of the states will likely raise the minimum wage, for instance. Other states will tackle the pay gap and enact laws mandating paid family leave.
Spurred on by rapid digital transformation and an increasing focus on data privacy, legislation at all levels also highlights the need to protect sensitive information. For decades, companies have had to abide by the standards set forth in HIPAA and PCI DSS, for instance. And in 2018, GDPR came into effect, reflecting widespread consumer concern about personal data.
Now, in the continued absence of a federal privacy law, individual states have begun implementing privacy laws. This results in a complex web of legislation that changes from year to year.
The European Union enacted sweeping privacy legislation with the GDPR. In the United States, however, privacy laws have proved much more haphazard. In the wake of GDPR, California led the charge, passing the California Consumer Privacy Act in 2018.
Other states have begun to follow suit. Currently, five states have comprehensive privacy laws, with most going into effect in 2023. Additionally, another fourteen states have introduced comprehensive consumer privacy bills. For businesses that operate across state lines, staying on top of privacy law changes can prove challenging.
Privacy laws taking effect in 2023 include the following:
The data privacy laws enacted and under discussion, as well as numerous cyber security regulations, underscore the need for businesses to strengthen their data risk management. It will prove important for companies to build defensible programs for achieving regulatory compliance and meeting cyber security needs.
For instance, regulations increasingly emphasize the need for businesses to build clarity around critical data. This means focusing on correct classification of data, allowing organizations to locate and monitor sensitive data wherever it travels.
Other risk management aspects that regulators will consider include timely disclosure of incidents and improved threat and vulnerability management. To mitigate risk, businesses will also need to improve their identity and access management programs. And they will need to manage data retention more effectively and monitor third-party processes around data.
As businesses strengthen their data privacy and security practices, they should build on a foundation of solid information governance. Unless they know what data they have, where it lives and who can access it, they cannot ensure regulatory compliance.
Additionally, regular risk assessments and compliance monitoring will highlight security gaps and areas for improvement. Corporate legal teams should be involved in this process to bring awareness of regulatory changes and promote defensible practices.
To schedule a data security assessment and begin building a comprehensive cyber security and privacy program, contact the data security and compliance experts at eMazzanti Technologies.