Historically, individuals used fireproof safes, solid steel safe boxes or safety deposit boxes at banks to preserve all of their critical and personal data. However, today due to the rapid development of technologies that collect, process, maintain and share personal data, the risk of individual harm, data breaches, misuse, litigation or regulatory fines has exponentially increased. This is driving the need for, greater data protection, expanded individual rights procedures and greater transparency.                                                                                                                                                                                 

Why? Virtually every country has enacted some level privacy regulation to regulate how personal data is collected, data subjects are informed, and what individual rights a data subject has over his or her information. Navigating these regulations can be daunting, as realized in the General Data Protection Regulation (“GDPR”), the forethought's by the authorities was to provide expanded individual rights, GDPR was just the beginning and it certainly won't be the end.                                                                                                                                                                                                                                      

Privacy regulations have been intensifying and ratified in the European Union, United States, South America, Asia Pacific and Australasia Regions, in particular regulations such as the EU General Data Protection Regulation (“GDPR”), the EU ePrivacy Directive, Lei Geral de Proteção de Dados Pessoais (“LGPD”), and the Personal Data Protection Act (“PDPA”) are only a few that have driven the new “direction” of privacy legislation globally.  In the US, starting in 2018 through March of 2023, a total of 59 privacy bills have been proposed and 9 bills have been ratified. However, the effective dates of these 9 regulations do vary, as the California Consumer Privacy Act ("CCPA") effective date was January 1, 2020 and the Tennessee Information Protection Act ("TIPA") effective date is scheduled for July 1, 2025.

As companies continue to evolve privacy programs to enable compliance, reduce risk and increase operational functionality. There are key requirements similar across these regulations, they include: data inventories, maintaining privacy notices, management of individual rights, opt-out on advertising, sale and profiling, data protection assessments, measuring and reporting compliance levels.

In today’s marketplace, business must continuously update, enhance, maintain and measure their data privacy, information governance and data protection programs. By focusing on costs vs. risks and regulatory requirements, Privacy International, LLP can define an enterprise-wide information governance program, develop incident management plans, manage a data breach, document individual rights processes, complete a data inventory or assess the compliance level of the current program.