August 28th, 2019

The Rise of Data Privacy Laws

Technology is not slowing down and neither is its reach into the public’s data. Since the widespread use of the internet, businesses and companies have discovered the power of mining data and the importance of protecting consumers’ personal data. With growing concern over daily data breaches, data privacy laws have been enacted on a global level, and the United States is next in line to increase the implementation of its own privacy laws.

The European Union’s new General Data Protection Regulation (GDPR) went into effect in May 2018. Since its activation, global companies have felt the massive economic impact of fines imposed for personal data breaches. Companies like Marriott International, Capital One, and Facebook have all been fined under the GDPR for personal data breaches. Even smaller entities are feeling the impact of these fines as they attempt to create efficiencies utilizing AI software. The GDPR has undoubtedly pushed companies to take greater steps in protecting consumers’ personal data and has sparked a movement in law that regulates this vast field.

The United States took a different approach in attempting to regulate personal data. Instead of one generalized regulation, like the GDPR, the United States has individualized sector-specific laws that are enforced through state legislation. For example, the Health Insurance Portability and Accountability Act (HIPAA) regulates the health sector, the Federal Information Security Management Act (FISMA) is a federal law that requires federal agencies to safeguard personal data, and the Gramm-Leach-Bliley Act (GLB) protects personal information stored in financial institutions.

The issue with the different legal frameworks of the EU and the U.S. stems from the lack of uniformity between their regulations. The U.S. has multiple laws, some of which may or may not meet the standards of the GDPR. Similarly, the GDPR has been criticized as being too broad or inapplicable to certain areas. Regardless of which framework proves to be more successful, companies having to comply with multiple standards and regulations will inevitably continue to be an issue.

Despite the novelty of data protection laws, companies are undoubtedly aware of their necessity and seem to be proactive about safeguarding consumer data. There are sundry ways businesses of all sizes can manage their data and prevent breaches. Basic principles include:

  • Consistent and clear policies that all employees comprehend.
  • Training for all employees on policies, stressing the importance of keeping data secure.
  • Comprehensive policy management.
  • Limit access to sensitive and private data to as few employees as possible.
  • Hold employees accountable for failing to comply with company policy.

The GDPR has set the groundwork for future uniform data protection laws. Whether the U.S. implements a similar regulation or continues to increase sector-specific regulations, it is important that businesses of all sizes are educated on global, national, and state-level data privacy laws in order to prevent both the financial burden and negative media attention that arise from violations of such laws. For more information about privacy laws and how to properly manage and implement policies, contact Gross McGinley at 610.820.5450.


Attorney Kara Beck is a commercial litigator, representing companies of all sizes in lawsuits including breach of contract matters, employment disputes, and other legal actions. 

The content found in this resource is for informational reference use only and is not considered legal advice. Laws at all levels of government change frequently and the information found here may be or become outdated. It is recommended to consult your attorney for the most up-to-date information regarding current laws and legal matters.