Like the statutes passed in those other states, as well as the EU’s General Data Protection Regulation, the Connecticut Data Privacy Act establishes various rights that consumers (i.e., Connecticut residents) have with respect to their personal data that is “processed” (collected, used, stored, disclosed, etc.) by businesses falling under the reach of the Act. Similarly, the Act also contains requirements for minimizing data collection, obtaining consent, disclosing practices (in a privacy policy), honoring opt-outs from certain processing, and much more, Matt Borick (Litigation and Data Security/Privacy Lawyer at Downs Rachlin Martin PLLC) writes on LinkedIn.
He also goes on to discuss the progress of the American Data Privacy and Protection Act (ADPPA), a federal law that would unify how data privacy is treated throughout all fifty US states similar to GDPR within EU. https://www.drm.com/articles/adppa-american-data-privacy-protection-act/
While passing and enacting US federal laws is a slow process, it’s clear that no organization can deny that data privacy is becoming increasingly important, cannot be ignored and with or without forcing legislation it’s time to act now to understand the data your organization has. Northern can assist in that understanding starting with what type of data, how old is it and where it sits. Based on that prioritize and categorize the data to do further analysis identifying sensitive data and potential threats through faulty permissions. Once you understand your data you are able to act on your findings. Northern’s software provides an end-to-end solution allowing you to present the data to the relevant stakeholders, take actions such as move or quarantine and measure the level of success. This allows organizations to reduce the risk of their unstructured and semi-structured data footprint, across all their data repositories, both on-prem and in the cloud.
Download the White Paper: Data Privacy: Considerations Relating to Management of Data
