Last month, Toyota disclosed that it had suffered its second data breach in just five weeks. The most recent breach exposed the personal details of over 3 million of its customers. This is but one of countless breaches that have affected the security of sensitive customer information in the past couple of years.
This cascade of breaches and hacks has led to major political efforts to protect private information collected by companies. Consumers have lobbied for change, and justifiably so. In the past year we have seen the European Union implement its General Data Protection Regulation (GDPR), California pass its California Consumer Privacy Act (CCPA), and Brazil implement a General Data Protection Law.
It is clear that major political capital is being spent in order to protect sensitive user data. Even at the federal level, we have seen data privacy go from being a niche topic to one that is regularly addressed in current presidential campaigns. Elizabeth Warren recently announced plans to hold executives directly liable for data breaches and suggested that penalties should include jail time. While it’s unlikely that this bill will pass, what is becoming apparent is that consumer data security is now firmly center stage.
GDPR represented a new type of regulation in both its scope and impact on companies and consumers. In the European Union, we saw many firms spend considerable resources in preparation for its arrival. CCPA is California’s answer to GDPR: it provides California residents with certain rights over their personal data and applies to many companies that operate within the boundaries of California. Although the regulation is slated to go live on January 1, 2020, many companies are still wading through its more ambiguous areas.
Unfortunately for companies, while there are similarities between the two regulations, particularly around consumer rights and data access requests, each regulation requires the development of a whole new set of processes and policies.
Looking to the Regulatory Future
It’s obvious that as the intensity and scope of breaches continue to grow, so will the push for more regulation. It’s highly likely that the introduction of CCPA will lead other states to follow suit and create their own regulations. For firms that operate across the United States, this could potentially mean complying with multiple different sets of regulations. There is a large degree of uncertainty to all of this. We could even potentially see an overarching federal law that will attempt to regulate and protect consumer data nationwide.
Opting out of the Arms Race with Zero Data
At VGS we’d argue that companies are rapidly approaching a tipping point. As they look out to the future, they see that the regulatory demands placed on them will only increase. The time has come for companies to begin exploring ways to opt out of the compliance arms race. The challenge for companies, however, is that they will always need to interact with sensitive data and extract the value inherent in it in order to meet their business objectives. VGS and our Zero Data approach offer a new way to interact fully with sensitive data, throughout its lifecycle, without the cost or liability of custodianship. With Zero Data, companies can offload current and future regulatory requirements to VGS so that they can focus on what they do best.
To learn more about Zero Data, see our short explainer video here. You can also read here about how the Fintech company Brex embraced the Zero Data approach to avoid the headache of compliance and speed products to market.