The U.S. May Be Next for Data Privacy

Many countries have passed data privacy laws in recent years. The European Union’s General Data Protection Regulation went into effect in 2018. That same year, Brazil passed its General Data Protection Law.

The U.S. may be next. According to PYMNTS, the push for major data privacy legislation is gaining bipartisan support, although it also faces some opposition. The American Privacy Rights Act (APRA) builds on previous attempts to legislate data privacy, notably the American Data Privacy and Protection Act. Among other things, it would:

  • Create a comprehensive federal consumer privacy framework and establish rights for individuals from whom covered data is collected, including the right to access, correct, delete, and export covered data.
  • Impose obligations on covered entities, including the obligation to respond to covered requests within a set period of time.
  • Create data minimization requirements that prohibit the use of data when it is not reasonably necessary and is not for one of the permitted purposes, such as conducting market research.
  • Establish opt-out and consent requirements for the use of data.

Navigating New Data Privacy Rules

There is no guarantee the APRA will pass. If it does, it may undergo major changes first. If it doesn’t, a similar law may pass in the future.

In the meantime, companies already need to comply with state-level data privacy laws, such as the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act (CPRA), which went into effect in 2023. Under the CPRA, California residents have multiple rights, including the right to limit the use of sensitive personal information collected about them, opt out of the sale of their personal information, know what personal information businesses have collected, correct inaccurate personal information, and delete personal information.

These laws apply to for-profit businesses that do business in California (regardless of their location) if they have a gross annual revenue of more than $25 million, if they buy, sell, or share the personal information of at least 100,000 California residents or households, or if they derive at least 50% of their annual revenue from selling or sharing the personal information of California residents.

Other states have also introduced data privacy legislation. According to Bloomberg Law, 18 states already have comprehensive data privacy laws in place, while others have narrower laws or have proposed new ones.

Are You Doing Enough to Safeguard Customer Data?

Many industries – including insurance and real estate – require high-quality customer data. However, consumers have good reason to worry about their data privacy. Data breaches have become a common occurrence, with potentially devastating consequences for victims whose data is sold to identity thieves.

To gain consumer trust and comply with evolving regulations, businesses need to take data privacy seriously. The steps this involves will depend on the type of data you collect and how you use it. For example, businesses may need to do a thorough audit of all the data they’ve collected, used, shared, or stored. Some businesses may also need to create new positions to oversee data and compliance with rules, including responding to requests from consumers to see, correct, or delete data.

How to Comply with PCI DSS

Payment data requires special attention. The consequences tend to be severe when a data breach exposes names, addresses, and email addresses; when credit card details are stolen, identity theft is likely. According to the FBI’s Internet Crime Complaint Center (IC3), there were 19,778 complaints of identity theft in 2023, with losses of more than $126 million.

When businesses take payments, they are responsible for keeping the payment information safe. There’s an easy way to do this: work with a secure payment processing provider.

The PCI Data Security Standard (PCI DSS) sets requirements for protecting payment card data. When you work with a PCI DSS-compliant payment processing provider, you know that your customers’ payment data is in good hands. Tranzpay uses tokenization and complies with PCI security standards to keep your customers’ payment information safe. We also have a dedicated PCI DSS compliance team to monitor compliance among merchants. Contact us to learn more.