Navigating data privacy in 2023

By the Blueprint Team

Data privacy had a busy year in 2022, and 2023 is expected to build on that momentum. In the U.S., several states added themselves to the patchwork of privacy legislation and for the first time ever, congress introduced bipartisan, bicameral federal legislation: the American Data Privacy and Protection Act (ADPPA). While the effort to pass ADPPA was foiled last year by the thorny issue of state preemption, companies should understand that consumer privacy has arrived in the U.S., and it will continue to expand with or without federal law. With this in mind, Blueprint’s top data privacy professionals recently shared insights and recommendations for proactively addressing these changes. Their responses have been compiled below:

Understanding the Impact of New Privacy Laws on Your Business

Director of Privacy Consulting at Blueprint, Parinati Sarnot, said that with new 2023 privacy laws going into effect across five states—California, Virginia, Colorado, Utah, and Connecticut—assessing and reviewing existing privacy programs against changing legal requirements is unsurprisingly top-of-mind. “The key focus is on implementing new choices granted to users by this legislation, including the ability to opt-in or opt-out of the sale of personal information, sharing of personal information in relation to behavioral advertising, the processing of sensitive personal information, and automated decision-making.” She added, “These requirements will have a direct impact on some revenue and business models, so it will be important for each company to carefully evaluate their options for implementation.”

Managing Data and Consumer Rights

In addition to implementation planning, extending new rights to users may also require revisions to current controls and processes. Emily Leach, Privacy Director at Blueprint, said, “Virginia’s new law came into effect Jan. 1 alongside the CPRA amendments, with each bringing new consumer rights to restrict the way businesses handle user information.” Leach notes that clients will need to put processes in place to manage opting out of sharing data and targeted advertising and ensure they have their data classifications around sensitive information properly constructed. She added, “Leveraging the systems in place for the first iteration of CCPA and GDPR have been helpful, but there is still work to be done.” 

Data Governance and Navigating Compliance Requirements

Kevin Donahue, Director of Privacy Engineering at Blueprint, says and leveraging technology is a critical step in navigating the compliance process. “Clients continue to evaluate how they can better integrate technology and automation with existing and new processes ensures privacy and data governance are being done well,” Donahue said. “Beyond legal compliance, companies that champion privacy and data governance as core values integral to meeting user and customer expectations are increasingly looking to Blueprint to design those programs,” he said, adding, this includes identifying risks, defining success, developing project plans, and working with stakeholders to integrate these new programs into day-to-day work with minimal churn. He added, “We have also seen an increase in clients seeking assistance with identifying meaningful metrics on these programs to better inform what’s working and adding value.”

Investing in Privacy Architecture and Scalable Solutions

While the potential impact of new data privacy laws are getting a lot of attention, Blueprint Strategic Consultant Aaron Weller has also noticed a big-picture change: Investing in privacy architecture is now a business imperative. He said, “A major focus that I’m seeing is the need for companies to prioritize scalable solutions that can be deployed across global organizations and to millions of devices and users.” He added, “Privacy impact assessments all too often look at a specific use of data, resulting in reinvention of the wheel and disparate solutions that fail to scale. Privacy architecture provides a set of tools that can be applied to existing and proposed use cases in a standardized manner to speed innovation and reduce friction.”

A Proactive Approach to Data Governance and Scalability

Assessing, reviewing, and iterating your company’s privacy program against new legislation is likely already high on your priority list for this year. After all, requirements will only become more complicated as new laws take effect. Additionally, being proactive with privacy and data governance and deploying solutions built to scale with these inevitable changes is the best way to future-proof your privacy program. 

Share with your network

You may also enjoy