January 28th marks Data Privacy Day which commemorates the signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.  This international treaty is the first of its kind to address privacy and data protection.

Strong privacy and cybersecurity safeguards are paramount to the success of companies and the consumers they serve.  These issues are so critical they took center stage at the annual Consumer Technology Association’s Consumer Electronics Show (CES) held earlier this month where tech companies of all sizes promoted their “privacy first” products and services.

Today we, Epstein Becker Green (EBG), are reminded about our commitment to support clients strengthen their privacy and cybersecurity programs.  EBG continues to help countless clients to navigate complex federal, state and international laws governing personally identifiable information (PII) and protected health information (PHI).

In that spirit of Data Privacy Day, we are sharing three key areas to watch in 2020:

  1. States are Aggressively Legislating around Privacy and Cybersecurity

Legislation at the state level is just beginning.  Leading the charge on January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect.  Other landmark legislation including the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD) Act and Nevada’s privacy bill (SB-220) are also in effect.  Many other states are actively considering legislation as well.  Specifically, we recommend watching Washington State’s efforts to pass the Washington Privacy Act (SB-6281).  We anticipate other states will model their legislation based on experiences with these early state laws.

  1. Federal Legislation is Needed to Fill Large Gaps in Privacy Regulation

Rapidly changing consumer sentiment about privacy coupled with aggressive state legislation is putting pressure on the U.S. Congress to pass an overarching privacy law to unify an otherwise fragmented privacy rules.  Nearly a dozen federal bills have already been proposed going into the 2020 Congressional year, with more expected to follow.  We recommend considering these possibility disruptive federal legislation efforts when updating privacy and cybersecurity programs moving forward.

  1. Privacy Laws are Increasingly Putting Consumers in Control of their Data

Trends in state and federal laws are increasingly empowering individuals with rights to transparency and control over how their data is collected, used and shared.  In particular, the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) appear poised to finalize proposed rules regarding the secure access, exchange, and use of electronic health information.  To be positioned for these changes, we recommend that entities take stock of what data they collect, where it is stored, and how to build mechanisms to respond to data exchange requests in a timely manner.

As we continue into 2020, remember that compliance in these areas is a marathon, not a sprint.  An ounce of prevention equals a pound of cure.