The privacy regulation floodgates have opened, how well are you prepared?
Giving highly-regulated organizations a competitive edge with safer, more secure, better managed data.
While we are a little early for the end-of-year round-ups and the 2024 prognostications – rest assured, they will come in next month’s newsletter – it is undeniable that this year has seen an explosion in data privacy regulations.
As IAPP’s excellent round-up of 2023 in US state-level privacy developments makes clear, this was the year when the floodgates opened when it came to consumer privacy laws, with seven new laws enacted in states like Delaware, Indiana, and Iowa.
Meanwhile, thanks to a new law with a very catchy name, “the Delete Act”, Californians can now request that all data brokers in the state scrub their information, with data brokers required to register with the California Privacy Protection Agency (CPPA). And in Washington, personal health data that falls outside the Health Insurance Portability and Accountability Act (HIPAA) is newly protected under the state’s My Health, My Data law. This law passed in April, and will gradually come into effect between July 2023 and June 2024.
In Australia, the federal government announced its intention to overhaul the nation’s privacy laws, which will include introducing a “right to be forgotten”, bans on targeted advertising for children, and a right to sue for privacy invasions. Legislation will be introduced next year.
Change is coming at the state level as well, with the Western Australia government announcing it is drafting privacy legislation which will include a privacy commissioner and a mandatory breach reporting scheme.
Change is here, are you ready?
We say this often, but you need to be prepared for these laws. In this case, preparation looks like data mapping; understanding your data estate and considering how you will apply these privacy laws to your collection of platforms and storage systems.
However, the results of our Pulse of the Industry Report 2023, released last month, suggest many organizations in Australia are still at the fundamental early stages of data governance; they are focused on the firewall, not the governance. Organizations are focused on keeping bad actors out, rather than pruning and caring for their data.
It should be obvious now that this approach is insufficient. Hackers will always find a way in, no matter your organization’s size or sophistication. You must prepare for this eventuality so you can minimize the impact. Ensure you have visibility over all your data, so you can remove what is no longer needed.
2024 must be the year we start thinking about the data and not just the firewall. If the law does not compel you, the hackers will.
Enjoying this edition of FILED so far? Read the full version, and sign up to get next month's email in your inbox.