Top 10 for 2023: Happy Data Privacy Day!
Matthew J. Frechette
In honor of Data Privacy Day, here are our top ten predictions for data privacy and cybersecurity in 2023.
1. Security and tracking of health and medical data
Scrutiny of how well the healthcare industry protects online and app-based health information keeps growing.
Expect more lawsuits, and possibly compliance reviews by the HHS Office for Civil Rights (OCR), in 2023 over the privacy of medical information under HIPAA, including the use of tracking pixels and similar technologies on patient-facing websites and apps. As the remote care practices adopted during the pandemic are re-examined, more rules governing health apps and websites are likely to follow.
Healthcare businesses should keep working with counsel as they roll out new ways of delivering care, including new technologies, with patients' medical information and privacy in mind. Building protections in from the start is far easier than retrofitting them. Medical device and technology companies likewise need to consider how their devices and software could capture or alter medical information, and the rules and best practices that apply as a result.
2. A Patchwork of Privacy and Cybersecurity Laws and Rules
At the moment, nine states, including Indiana, Iowa, Kentucky, Mississippi, New York, Oklahoma, Oregon, and Tennessee, are considering consumer privacy bills. California, Colorado, Connecticut, Utah, and Virginia already have comprehensive privacy laws on the books, which makes the landscape even more complicated.
More cities and states will adopt cybersecurity rules to protect privacy and data, including sector-specific rules. In 2022, for example, the Nevada Gaming Commission and other government bodies issued security requirements for the gaming industry. New York has added a cybersecurity, privacy and data protection requirement to its continuing legal education rules for lawyers.
The Biden Administration released its regulatory agenda, which includes new cybersecurity requirements for government contractors, the maritime industry, public companies, and others. The Securities and Exchange Commission also plans new cybersecurity rules.
In 2023, it will matter more than ever that businesses know what data they collect, why they process it, and how it is stored and protected, so that they can comply with the many privacy laws across the country.
3. California, Again
With its first-in-the-nation comprehensive consumer privacy law in force and more enforcement actions brought under it, California will remain the leader in the privacy space and will continue to shape how other states, and the country as a whole, approach privacy law.
The California Privacy Protection Agency (CPPA) is still finalizing the regulations under the California Privacy Rights Act (CPRA). These regulations matter a great deal to covered organizations, both in the consumer context and in the employment context, where applicant and employee data is now covered.
But it doesn't end there. California is also the first state to enact an age-appropriate design code (AB 2273), a law aimed at protecting the online privacy of children.
4. Employee privacy and keeping track of them
As long as remote work remains common, expect more rules on how employees may be monitored and how their privacy is protected. The NLRB's General Counsel issued a memo on electronic monitoring of workers last year. In it, the General Counsel proposed that employers adopt "narrowly tailored" practices to meet "legitimate business needs," and that the Board weigh those practices against employees' Section 7 rights. Even where an employer shows that its narrowly tailored business needs outweigh those rights, the General Counsel will still "urge the Board to require the employer to disclose to employees the technologies it uses to monitor and manage them, its reasons for doing so, and how it is using the information it obtains," unless the employer can show special circumstances.
In some fields, monitoring of the "workplace" extends well beyond the home office. Consider logistics and transportation. A growing number of states are weighing laws on digital license plates, which can include vehicle-tracking and telematics capabilities. California's new law on vehicle tracking and fleet management places significant obligations on employers that use these technologies to monitor their fleets.
5. The Federal Government Enters the Privacy Arena
We're taking a bit of a risk here, because year after year, people have predicted that the federal government would enact a national privacy standard, and none of those predictions came true. The federal government is moving much more slowly than the states, but we expect it to keep trying, whether through Federal Trade Commission rulemaking or proposed national privacy legislation. This could be the year.
6. Artificial intelligence, automated decision systems, and privacy
AI and automated decision systems drew far more attention and far wider use in 2022, along with debate over their effects on employment and other areas. Many, including the Biden Administration, are concerned about the privacy implications. In the framework the White House issued in 2022 on the use of AI (the Blueprint for an AI Bill of Rights), data privacy was one of the five protections individuals should be entitled to.
As AI and automated decision systems become more common in business and everyday life, concern over how to protect privacy will only grow.
7. More lawsuits about privacy
As privacy laws spread across the country, there will be more lawsuits about privacy in 2023.
The Illinois Biometric Information Privacy Act (BIPA) will generate more lawsuits as plaintiffs' lawyers find new applications for the law, from dash cams to timekeeping systems. Several states, including Maryland, Mississippi, and New York, are considering biometric privacy laws that could spur more litigation. A few years ago, the city of Portland banned the use of facial recognition; now the city is being sued over that ban.
BIPA and the Telephone Consumer Protection Act (TCPA) remain at the center of much of this litigation. However, there is a growing trend of cases seeking to apply older privacy statutes to newer technologies, including the California Invasion of Privacy Act (CIPA), the Florida Telephone Solicitation Act (FTSA), the Video Privacy Protection Act (VPPA), and the Illinois Genetic Information Privacy Act (GIPA).
8. EU Privacy Enforcement Continues
Companies that transfer personal information from the European Economic Area (EEA) to the United States may soon have a new transfer mechanism. In October, President Biden signed Executive Order 14086 as a step toward establishing the EU-U.S. Data Privacy Framework (DPF), which is intended to replace the EU-U.S. Privacy Shield framework invalidated by the Court of Justice of the European Union in the Schrems II decision. The European Commission has published a draft adequacy decision that, if adopted, would allow the DPF to move forward. In the meantime, the U.S. Department of Commerce has said it will help current Privacy Shield participants prepare for the transition to the new framework.
In October, the European Data Protection Board approved Europrivacy as the first European Data Protection Seal. Europrivacy is a certification scheme through which data controllers and processors can demonstrate GDPR compliance.
The U.K. Information Commissioner's Office (ICO) continues to focus on AI and the protection of personal data; in November the ICO published guidance on how to use AI and personal data appropriately and lawfully. Early in the year, the European Commission released an updated proposal for harmonised rules on artificial intelligence (the Artificial Intelligence Act). The proposal establishes a legal framework with principle-based requirements for AI systems, harmonised rules for their development and use, and a system for regulating and enforcing those rules.
9. Ransomware Attacks, Data Breaches, and Follow-on Enforcement Actions Will Continue
We will continue to see ransomware, business email compromise, and other data breaches driven by capable attackers and weak cybersecurity. As states keep tightening their data breach notification requirements, organizations will face more enforcement actions on top of business interruption and the direct costs of responding to the incident.
Organizations cannot prevent every attack, but they can invest in regulatory compliance, preparedness, and incident response planning. The stronger an organization is in those three areas, the better its chances of resolving a government action arising from a data breach.
10. More Attention to Privacy and Cybersecurity in the Critical Infrastructure Sector
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), enacted as part of the Consolidated Appropriations Act, 2022, was signed into law last year. In short, it requires covered entities in critical infrastructure sectors to report to the Cybersecurity and Infrastructure Security Agency (CISA), within the Department of Homeland Security (DHS):
a covered cyber incident within 72 hours after the covered entity reasonably believes it occurred, and
any ransom payment made as a result of a ransomware attack within 24 hours of making the payment (even if the ransomware attack itself is not a covered cyber incident).
One caveat for practitioners: these reporting obligations do not take effect until CISA completes the rulemaking that defines covered entities and covered incidents, so organizations should track that process now rather than waiting for the final rule.
Critical infrastructure has long been a target, and CISA has stepped up its attention to the sector, in part because small and medium-sized providers are being attacked too. In a recent review of 2022, CISA said it would focus on "target-rich, resource-poor entities," such as small water utilities, that are part of critical infrastructure but lack large security teams.
For these and other reasons, we expect data privacy to remain front and center across many industries in 2023.