Your organization has received a data access request. What now?

Patrick O’Kane (patrick.okane@fisglobal.com) is a London-based UK Lawyer (Barrister) and Data Protection Officer for a US Fortune 100 company.

There has been something of a tsunami of privacy regulation over the past few years, and this is set to accelerate. According to Gartner, 10% of the world’s population in 2020 had a modern privacy law regulating the use of personal data, and it predicts that by 2023, 65% of the world’s population will have a modern privacy law.[1]

Since 2018, we have had major privacy laws implemented: the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the US, and the General Data Protection Act in Brazil. A major new privacy law is expected in India—the Personal Data Protection Bill—in 2021.

These regulations have many features in common, including security requirements, large penalties and fines for breaches of the regulation, and privacy notice requirements. They also share an important common feature. They give individuals the right of access over their personal data. Under privacy regulations, an access request is usually a right for an individual to access and receive a copy of all of the personal data your company holds on them. This may include any record containing their name or information.
