Laws aimed at protecting consumers' privacy have been around for decades, but most have been so limited that they were widely ignored. That all changed in 2016, when the European Union passed the General Data Protection Regulation (GDPR). GDPR was different from all its predecessors for several reasons, including
A couple of years later, the state of California followed suit by passing the California Consumer Protection Act (CCPA), which mirrored many of the GDPR's requirements, and more laws in other states are making their way through legislatures—or have already been passed.
Think about the last time you ordered something online—pizza, athletic shoes, the latest iPhone, movie tickets, whatever. As part of the ordering process, you probably gave the vendor information like your name, phone number, email address, maybe your physical address, and credit card information (or they already had this info from when you first set up your account). No big deal, right?
But did you ever think about what happens to all that data after you click "Place order?"
Chances are it doesn't just sit on a server just waiting for you to place another order. Companies make money—big money—selling personal information to advertisers, so that those advertisers can target ads to you based on your age, gender, geographic location, past purchases, online habits, and a slew of other factors. Your information can change hands any number of times and wind up in the hands of any number of companies (some less legit than others), and you'd never know it.
And then there are the breaches. You've probably heard about companies like Equifax, Marriott, eBay, and Yahoo!, where cyberthieves hacked their way in to steal millions of customer records. If the thought of a criminal knowing your name, address, phone number, and other personal information gives you the creeps, it should.
Basically, data privacy laws put into enforceable legislation many measures that responsible businesses should be taking anyway, including
Curious about whether your state has a data privacy law in place, and if so, what it entails? Here's a handy resource published by the International Association of Privacy Professionals. (Just be warned: data privacy regulations tend to be heavy on legalese, so you may need to ask a parent to help you translate. We can help, too.)
Give us a shout.