Lately, the issue of data privacy has been on US consumers’ minds. The frequency of data breaches and attacks has grown rapidly while consumer data is being sold to third parties without the consumer realizing it. The fight for a singular, dedicated data protection agency has been brought to light.
While having a devoted data protection agency would likely decrease data breaches and limit selling data to third parties without the consumers’ knowledge, it would also benefit the IT Asset Management (ITAM) industry. It would standardize the data protection regulations in the US, giving IT Asset Managers a single regulation agency to focus on rather than multiple regulation agencies.
The Proposed Data Protection Agency
The US does not have a centralized entity solely devoted to data protection. According to US New York Senator Kirsten Gillibrand, this needs to change. Senator Gillibrand stated that:
“The U.S. needs a new approach to privacy and data protection… the Data Protection Agency would… with expertise and resources… create and meaningfully enforce data protection rules and digital rights.”
The proposed Data Protection Agency (DPA) would focus on the aspect of enforcement. Currently, complaints have to go through the Federal Trade Commission (FTC), but the FTC’s enforcement abilities are limited and can take a long time to take effect. If the DPA were to be established, organizations would be able to directly file complaints with the agency.
The main goals of the DPA would be to:
- Enforce privacy rules around data protection while taking complaints, conducting investigations and informing the public on data protection matters
- Promote data protection and privacy innovation in the digital marketplace
- Advise Congress on emerging privacy and technology issues
The agency is intended to protect consumer’s digital privacy. If adopted, it would create an effective process in enforcing data protection regulations.
What a Standardized Data Protection Agency Would Entail
Data privacy and protection is something that has grown in concern lately. There is not a whole lot consumers can do regarding enforcement if their data is hacked, stolen, or unknowingly sold to third parties. The proposed DPA is going the be able to protect the consumer by enforcing data protection rules and regulations. Unlawful entities will be processed for stealing or unlawfully selling data in a more timely, effective way. Having a dedicated data protection would likely cut down the amount of data hacks and breaches, along with the amount of data unknowingly sold to third parties.
How ITAM In the US Will Change
Currently, IT Asset Managers in the US follow data protection regulations from HIPAA, CCPA, SOX, GDPR (if dealing with European organizations), and a few others. If this agency is instated, the new rules would work ITAM into maturity. The government would be guiding the ITAM industry into a set, standardized path. With this new agency, it would simplify an IT Asset Manager’s job. Instead of needing to know and understand several different regulations, IT Asset Managers can specialize in one regulation, allowing them to better position themselves to protect their organization.
The proposed DPA is designed to benefit consumers by enforcing punishment against data hacks and breaches. If established, the consumer would be more protected and attacks against consumer data privacy would likely decrease. Having a single agency devoted to data protection would change the industry by simplifying an IT Asset Manager’s job. Instead of being proficient in multiple regulations, the IT Asset Manager can focus on one. This leaves time for the IT Asset Manager to focus on other areas of an ITAM program while still effectively protecting the organization’s data.
Bradbury, D. (2020, February 17). Senator calls for dedicated US data protection agency. Retrieved February 17, 2020, from https://nakedsecurity.sophos.com/2020/02/17/senator-calls-for-dedicated-us-data-protection-agency/
Gillibrand, K. (2020, February). PDF. https://www.gillibrand.senate.gov/imo/media/doc/2.11.2020_Data%20Protection%20Act.pdf
Gillibrand, K. (2020, February 13). The U.S. Needs a Data Protection Agency. Retrieved February 18, 2020, from https://medium.com/@gillibrandny/the-u-s-needs-a-data-protection-agency-98a054f7b6bf
Gillibrand. (2020, February 13). Confronting A Data Privacy Crisis, Gillibrand Announces Landmark Legislation To Create A Data Protection Agency: Kirsten Gillibrand: U.S. Senator for New York. Retrieved February 18, 2020, from https://www.gillibrand.senate.gov/news/press/release/confronting-a-data-privacy-crisis-gillibrand-announces-landmark-legislation-to-create-a-data-protection-agency
Swant, M. (2020, February 14). Senator Kirsten Gillibrand Introduces Bill To Create A Data Protection Agency. Retrieved February 18, 2020, from https://www.forbes.com/sites/martyswant/2020/02/14/us-sen-gillibrand-introduces-bill-to-create-a-data-privacy-agency/#26ff66ac53c6