Data privacy laws have been witnessing a rapid escalation for the past few years all across the globe. Privacy laws 2021 and privacy trends 2022 are proofs of that. We can expect to see the rate with which privacy laws burgeon rise in the coming years. Analysts indicate that about 65% of the total population of the world will see itself being under the influence of modern privacy laws and regulations by the year 2023. However, some important factors of data privacy regulations to consider here are the business obligations, scope, data protection, and data privacy volumes that vary by different regulations introduced around the world. This consequently makes the strength of each of the frameworks different.

As of the end of 2021, almost all the countries in the world have implemented or at least introduced data privacy laws of some sort that modulate the collection of information and the ways in which the individuals to whom the data belongs are notified about it. Another aspect that most of the regulations address are the amount of control the individuals that are subject to the data have over it after the transfer of information is carried out. Prohibitions, lawsuits, and fines are some common penalties across regulations imposed in case of inability to follow the data privacy that is applicable. Let us take a closer look at some of the most major privacy laws 2021 across regions.

Privacy Laws 2021

General Data Protection Regulation (GDPR)

If you collect any sort of data from your European customers, you are subject to the data security standards and data privacy regulations that GDPR features. The law drafted in the EU is known as a pioneer that transformed simple guidelines into privacy laws. GDPR holds businesses accountable in case of any hacking events taking place or if the data of consumers leaks. These may be caused by improper communication practices or mismanagement of third-party apps.

GDPR’s privacy laws 2021 feature the following highlights:

• Businesses are solely responsible for the collection and processing of data.
• Stand-alone solutions are an inappropriate approach for online businesses that have third-party integrations.
• Third-party vendors or data processors are not liable for any data privacy mishap, but it is the companies that accumulate and store the data.

California Consumer Protection Act (CCPA)

Customers or potential customers that are based in California are protected by CCPA. It seeks to allow users enhanced control over their data and has a strict requirement for businesses to offer an opt-out option for their consumers.

Here are the highlights of CCPA as it stands in 2021:

• All companies should include a clearly-visible button on the homepage of their websites that says “Do Not Sell.”
• CCPA demands businesses to establish proper service-level agreements with their third-party vendors as it holds companies accountable for all kinds of data privacy mishaps.
• It is significantly similar to GDPR on almost all fronts.

Health Insurance Portability and Accountability Act (HIPAA)

All the healthcare facilities in the United States are regulated by HIPAA. It looks to secure and protect the information related to the personal health of individuals and lays out privacy laws that dictate rules pertaining to the disclosure of the PHI (Protected Health Information). Furthermore, it also deals with the transactions and records in the healthcare industry and their maintenance.

Here are the key takeaways of HIPAA:

• The regulations and careful guidelines of HIPAA are universal and applicable across industries. It identifies a set of role management, employee permission, and data security regulations along with its robust data privacy laws.
• All the loose ends that can potentially cause exposure of sensitive information need to be analyzed under HIPAA by all healthcare institutions. All businesses need to carry out a comprehensive risk analysis to uncover bottlenecks that can cause trouble in regard to data privacy.
• HIPAA’s prevention is better than cure approach allows companies to save millions by mitigating settlements and remediation.

23 NYCCR 500

Ensuring the highest standards of cybersecurity, 23 NYCCR 500 targets service companies operating in the financial sector in New York. It aims to protect businesses from malicious entities and different cyber threats that look to penetrate application security systems.

• 23 NYCCR 500 directs companies to establish comprehensive and robust cybersecurity policies adhering to their business size, technologies, workflows, and regulations, etc. It also asks them to introduce their employees to the latest precautions and policies in data privacy and data security regards.
• Businesses need to contribute to each other’s risk mitigation efforts by reporting incidents as soon as they occur. The body they are required to report to is the NYDFS (New York Department of Financial Services).
• Businesses are solely held accountable and responsible for overlooking vulnerabilities in case of a breach. Third-party integrations do not hold any data privacy liability.

Some other major regulatory bodies to have maintained a strong influence regarding privacy laws in 2021 include:

• Sarbanes-Oxley Act (SOX) – United States
• Act on the Protection of Personal Information – Japan
• Digital Charter Implementation Act (DCIA) – Canada
• Law for the Protection of Personal Data – Brazil
• Privacy and Data Protection (PDP) – India
• Dubai International Financial Centre (DIFC) Data Protection Law – UAE
• China Personal Information Protection Law (PIPL) – China

Data Privacy Trends 2022

Here are some of the most significant data privacy trends that businesses need to follow in 2022:

Fragmentation of Privacy Laws

Businesses need to be wary of the fragmentation of the various data privacy laws going into 2022. Domestic as well as international laws targeting data security and privacy are getting more and more comprehensive and complex along with steadily increasing in numbers. Three US states, namely Virginia, Colorado, and California, have already introduced their own consumer privacy laws, and the number of regulations you have to cater to get much higher when you do business internationally. Although there are many similarities across these different sets of laws and regulations, the differences are significant as well. It is not long when one or two of them start contradicting one another, and major problems for businesses start arising.

Definition of Personal Information

A major aspect of privacy trends 2022 is the definition of personal information being subjected to expansion. A good example of that is the United States, where Personally Identifiable Information or PII previously consisted of the social security number and name of an individual along with their address. Now it has been included with Internet Protocol (IP) addresses, audio recordings, history of transactions and internet search, photographs, and even posts on social media. This expansion of the definition is set to enhance even more in the coming years.

Individual Consumer Rights

The rights of individual consumers are increasing, and companies and businesses need to prepare themselves with the ability to quickly respond to any personal data requests that a consumer might throw their way at any time. The consumers can now exercise their CCPA rights without any discrimination and delete the personal data that a business previously collected from them. They also have the right to be informed about how their PI is shared, collected, and used. This expansion of the rights requires companies to exercise the utmost care in this regard.

Data Management

Businesses need to manage the complete lifecycle of data in a more efficient manner with the evolution of privacy laws. Data security and privacy trends 2022 suggest that the days when companies could collect personal data of their consumers and keep it as long as they wish to are gone. Colorado Privacy Act, Virginia’s Consumer Data Protection Act, CPRA, and the Europe General Data Protection Regulation all instate an enhanced emphasis on data management and its deletion and minimization.

Emerging Technologies

The rapid advancements and modernization of technology are giving way to new potential uses of personal consumer data. This reflects a forecast of new privacy concerns to arise. The increasing use of biometric data, facial recognition, Machine Learning, and Artificial Intelligence all draw in new data privacy expectations from consumers. With new privacy issues set to come up, new sets of privacy laws are also going to make their way to the business world.

Conclusion

Privacy trends 2022 are set to change ways of carrying out business. Digitalization and new technologies are likely to continue influencing governments around the world to replace and modify their data privacy laws. All businesses that carry out intake, storage, and transmitting of consumer data and especially eService and eCommerce platforms, have to continually ensure data security and data privacy to stay compliant and protect themselves against legal implications. Privacy laws 2021 clearly mark businesses as the sole responsible party for any data mishandling of external or third-party incorporations. All this is slowly but steadily transforming the sphere of business liability, and companies of all sizes and operating in all sectors and industries need to carefully adapt to the changes being introduced.