i-SIGMA CEO Comments on New Jersey Regulatory Event
September 11, 2019
The New Jersey legislature is confronting an issue that all states (and all governments) will soon be forced to confront.
As the saying goes, the genie is out of the bottle and, in the case of data protection and privacy regulations, it is the GDPR that rubbed the proverbial lamp. In short, what the GDPR did was give full control of personal information to the data subject – the individual. As a result, the individual can go to any data controller (organization), ask to see what information they have on them, have that information corrected if necessary, approve or deny the sharing of that information, or ask that the information be deleted.
On the heels of the GDPR, and propelled by the Cambridge Analytica scandal, California passed the GDPR-esque Consumer Privacy Act (effective Jan 1).
More than Keeping Up with the Joneses
What’s happening now, in New Jersey and other states, is more than just following the leader. Laws like the GDPR and CCPA are not just highly popular among the citizens (who want to be in control of their data), but also from an economic development perspective. This new generation of law 1) does not stop at their state’s borders but rather applies to their citizens, and 2) includes provisions that forbid their citizens’ information from being sent or stored in jurisdictions where the same provisions and protections do not apply.
As to his participation and take-aways from his participation, Johnson says it is clear that most data controllers and service providers don’t yet realize the extent of the changes.
“I left with the impression many data controllers – even the large ones – are resting on their existing data protection mechanisms,” said Johnson. “I am not sure they realize what it means to be at the beck and call of every person whose information they are storing. And, while I believe the new compliance requirements are manageable, there will certainly be unintended consequences.”
“As for service providers,” Johnson adds, “the new regulations will be a boom or a bane depending on whether or not they’re ready. I think the first course of action is to revisit service contracts.”