The US could follow the EU’s GDPR as CEOs from technology giants like Amazon, Dell, IBM and Salesforce pen an open letter to the US Congress requesting federal level data privacy laws.
A total of 51 leaders from major companies which also included AT&T, Mastercard, Walmart and JP Morgan Chase signed a letter on behalf of America’s Business Roundtable, according to reporting by ZDNet and others.
Data privacy law, as in Europe, is progressing in the US. However much new legislation is passed at state level or by various US law making agencies. The result of this is different regulation across parts of the US, with national and multinational companies needing to adjust their operations regionally. A federal law would provide blanket data privacy law for the whole of the US which could be more simply applied to software products, data storage, and everyday compliance.
Following the example of GDPR?
GDPR, implemented for the EU as of May 2018, covers the data and data privacy of EU and European Economic Area (EEA) citizens as well as what happens to the data if it travels outside of Europe’s borders. Consumer and government concerns, coupled with GDPRs likely influence and reach, may well be inspiring the US and other countries to take a closer look at comprehensive data laws.
The Business Roundtable in the US boasts many of America’s largest companies as members. It has produced its own “consumer privacy framework,” broadly similar to GDPR, that it hopes the US Congress will build upon when creating federal level data privacy law.
The organisation and the CEOs signing the open letter believe a federal law will ensure “strong, consistent protections for American consumers” and allow “American companies to continue to lead a globally competitive market,” as per CNBC reporting. The letter explains:
“As Chief Executive Officers of leading companies across industries, our companies reach virtually every American consumer and rely on data and digital platforms every day to deliver and improve our products and services,” continuing that “Consumer trust and confidence are essential to our businesses. We are committed to protecting consumer privacy and want consumers to have confidence that companies treat their personal information responsibly.”
An impact on companies across the globe?
In the same way as GDPR applies to companies operating in Europe, any federal data privacy law passed by the US government will surely apply to companies operating within the borders of the US. But, in the same way that GDPR followed similar policies of its predecessor The Data Protection Act, companies already complying with GDPR will have laid the foundations to comply with other global data privacy frameworks.
Data privacy protection will always be a work in progress
That said GDPR compliance was not achieved with one single click for most companies. As well as an IT systems and software challenge, GDPR needs employee awareness at all levels.
Achieving GDPR compliance has been and remains a steady process for many companies. As other countries, like the US, follow with their own regulations, all companies will need to continue to assess their systems and processes and educate their employees to achieve and retain compliance.
As the EU enters its second year of GDPR, European companies still need to work to maintain their compliance and build employee awareness. This work can include process and practice audits, the updating of policies and conducting refresher training. All companies must also keep themselves and their systems up to date and protected against cyber threats and cyber-crime.
The Defence Works offers GDPR training with a free demo available. We’ll also be on hand and be improving our offering as global data privacy laws impact our customers too. Data privacy legislation is here to stay and likely to be even more comprehensive in the future as consumers and lawmakers respond to the continued threat of the theft and misuse of very valuable personal data.