Last year, the EU’s General Data Protection Regulation (GDPR) took effect as the greatest privacy law. Ever. The regulation was put in place to protect the personal data of EU citizens. With all types of our personal data now collected and stored by websites and applications, you can be sure governing bodies will be formed to mitigate data breaches here in North America.
The following is a quick run-through of what businesses need to be aware of when protecting customer data:
CCPA: The California Consumer Privacy Act
The CCPA applies to your website if you are a for-profit business and collect personal data from California residents. Not-for-profits are exempt. This regulation is mandatory for your website if you meet any of the following criteria:
- 50% of your annual revenue comes from the sale of Californians’ personal data;
- Annual gross revenue (not profit) of $25 million or more;
- Obtaining the personal data of at least 50,000 California residents, households, and/or devices per year
Learn more here
PIPEDA: Personal Information Protection and Electronic Documents Act
The Government of Canada has made PIPEDA a mandatory requirement for all digital business practices. As its website states, PIPEDA applies to private-sector organizations across Canada that collect, use or disclose personal information in the course of a commercial activity.
The rule applies to any type of commercial transaction, both within and outside of Canada.
Learn more here
HIPAA Privacy and Security Rules
HIPAA compliance is about safeguarding the transmission of Protected Health Information (PHI), meaning data that can be used to identify a health care patient. This data can be as basic as a name, email, phone number, and/or address. All healthcare vendors and providers, also known as “covered entities”, are mandated to be proactive in meeting all the regulations and processes set out by the 104th US Congress. To understand whether your organization is required to meet this compliance, address these questions:
- Are you using technology that is transmitting PHI through your website?
- Is your organization storing PHI on a server connected to your website?
- Are you collecting PHI on your website?
If you answered ‘yes’, you will need to make your website HIPAA compliant.
Learn more here
PCI-DSS Requirements
Assuming you are a merchant and not a payment provider, it is important to use vendors who maintain payment security in line with the PCI-DSS Requirements. The importance of PCI Data Security boils down to protecting the customers who pay for your goods by digital means.
Learn whether the payment merchant you use meets the PCI Standard by visiting this link
If you have questions about how your website can be updated to meet any of the above regulations, don’t hesitate to reach out!