Ralph Villanueva (rvsvillanueva@yahoo.com) is IT Security and Compliance Analyst for Diamond Resorts International in Las Vegas, Nevada, USA.
GDPR. CCPA. LGPD. PIPEDA. Do these acronyms perplex you? If so, you must be wondering how they affect you, and the answer is: in more ways than you know.
GDPR is an acronym for General Data Protection Regulation,[1] the European Union law that protects the data privacy rights of its 447 million residents. CCPA stands for California Consumer Privacy Act,[2] which is seen as a possible model for a nationwide data privacy law.[3] LGPD, or Lei Geral de Proteção de Dados, which is Portuguese for General Data Protection Law,[4] is the equivalent of GDPR in Brazil, the largest country in South America, with a GDP of almost $2 trillion in 2019. PIPEDA, or the Personal Information Protection and Electronic Documents Act,[5] protects the data privacy rights of 38 million Canadians. And despite the pandemic, the surging wave of data privacy laws shows no sign of cresting. For instance, Panama’s data privacy law[6] took effect March 29, 2021. Though Panama is a small country, the fact that annual international trade worth $270 billion passes through the Panama Canal makes this law important to international trade compliance professionals.[7]
By now, you must be asking, “What does this mean for me?” As compliance professionals in your organization, you must be familiar with the Health Insurance Portability and Accountability Act, Occupational Safety and Health Administration standards, state regulations, and industry requirements. However, the onslaught of new data privacy laws elevates compliance to a new level of complexity. If unmanaged, these new standards can result in legal, financial, and reputational damage to your organization. Fortunately, these escalating levels of complexity can be managed by a combination of the right technology and qualified information technology (IT) and compliance professionals. As laws and business requirements evolve, so does the IT component of every business.
The role of IT has expanded beyond providing email and application access to company employees and third-party users. And just like the Panama Canal, the IT privacy compliance officer sits at the crossroads of data privacy laws and your company’s compliance functions, and can greatly help the compliance function meet the demands of these data privacy laws.