It’s time for a national privacy law in the US
Some states have enacted privacy laws, and the federal government has enacted industry-specific laws - HIPAA, Gramm-Leach-Bliley Act and FCRA - but there is no single, homogeneous enforceable set of data privacy guidelines that all US companies are required to follow.
With the emergence of stronger privacy laws abroad, the absence of national data privacy regulation in the US is making it harder for US companies to compete for global partners.
Companies in the financial services, healthcare and retail sectors are fighting the hardest for a comprehensive consumer privacy law, as their business efficiencies are becoming heavily dependent on collecting consumer data that is often shared with third parties, which raises the risk of a data breach.
By implementing a national privacy standard that is similar to other global legislation, US companies would collectively protect data more responsibly and effectively than they do currently.
Given the growing importance of data privacy as a key business expectation, strong national legislation will expand the number of opportunities with businesses in countries where data privacy is already mandated and become a competitive differentiator against other players in their space.
One of the key elements of the GDPR - which would likely be part of a comprehensive US privacy law - is the requirement that data protection for applications and databases is implemented "By design and by default", and there are two important components necessary to adhere to such a requirement.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/MHUbjsFt8a0/