What’s new in 2023? The Dayspring Technology experienced consultant has reviewed and compiled a list of newly released and updated compliance and management standards for the first half of the year.
Data Privacy and Cybersecurity Updates
“There are a variety of privacy and related standards that have been proposed, released, or updated in the past six months. Regulated industries need to be well-versed in these changes to ensure they are in compliance,” says Ryan Coleman, Dayspring Technology Principal Consultant.
Speak with our data and cybersecurity consultant by emailing email@example.com.
Here are some of the new developments in data privacy laws and cybersecurity standards in the past 6 months:
Revisions to the California Privacy Rights Act (CPRA)
The California Privacy Rights Act (CPRA) went into effect on January 1, 2023. The CPRA is an amendment to the California Consumer Privacy Act (CCPA), and it expands the CCPA's protections for California residents. The CPRA includes new rights for consumers, such as the right to know how their data is being used, the right to delete their data, and the right to opt out of the sale of their data.
Updates to VCDPA, CPA, and CTDPA
Several new state privacy laws are set to go into effect in 2023. These laws include the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and the Connecticut Data Privacy Act (CTDPA). These laws are all modeled after the CCPA and the CPRA, and they provide similar protections for consumers.
Release of General Data Protection Regulation (GDPR) 2.0
The European Union is working on a new privacy regulation called the General Data Protection Regulation (GDPR) 2.0. The GDPR 2.0 is still in the draft stage, but it is expected to include new provisions that address issues such as data portability, artificial intelligence, and consent.
Announcement of US National Cybersecurity Strategy
The Biden administration is taking steps to strengthen privacy protections in the United States. The administration has issued an executive order on spyware and announced a new National Cybersecurity Strategy that impacts privacy controls and promises to (i) Defend Critical Infrastructure, (ii) Disrupt and Dismantle Threat Actors, (iii) Shape Market Forces to Drive Security and Resilience, (iv) Invest in the Resilient Future and (v) Forge International Partnerships To Pursue Shared Goals.
Dayspring consultants are certified and trained in Privacy frameworks and technology, members of IAPP, and have developed Privacy Information Management Systems (PIMS) for Fortune 100 organizations.