Preview Mode Links will not work in preview mode

Mar 25, 2022

A lack of a unifying federal privacy law in the U.S. like the European Union’s General Data Protection Regulation (GDPR), and a growing patchwork of state regulations to keep track of, can make it tricky for your business to maintain compliance. This is exactly why we have today’s guest here to help us navigate the difficult eco-system of state privacy laws. Donata Stroink-Skillrud is the President of Termageddon and the engineer behind Termageddon’s policy questions and text. She is a licensed attorney and a certified information privacy professional. She often volunteers at the Illinois State Bar Association holding courses on the General Data Protection Regulation where she teaches other attorneys on the importance of privacy and what Privacy Policies should contain.

Trusting Companies With Your Data

Privacy and protecting your personal data has probably shown up on your radar a lot lately because of the number of merchants that have reported data breaches. Target had a huge data breach of 40 million customers back in 2013. When an event of this scale happens, you realize we can’t depend on others to protect our data. It was her experience with having her own data compromised in that breach that led Donata to pursue a career in privacy law and policy.

Consumers Pay the Price

When there is a data breach, consumers are the ones who pay the price. Between monitoring your credit report to make sure no unauthorized lines of credit have been opened, to closing credit accounts or getting new credit cards reissued, there is a great deal of time and effort needed to mitigate the impact of the data breach. This all comes at the expense of the consumer, who has to invest their time in making all the right moves to protect themselves.

The High Price on Non-Compliance for Businesses

It can be costly for companies when they don’t comply with privacy laws. Depending on the state, there can be huge penalties and fines at stake. 

However, there is also an enormous cost involved in compliance. Having a privacy policy on your website is just the first step in compliance. Each state has their own privacy laws, so understanding those laws and making sure you comply, for many businesses, requires a full time Compliance Officer.

Automating Privacy Policies

At one point in her career, Donata ended up being the person that fielded all of the business privacy compliance questions, and she found that meeting the compliance standards for each state was rather repetitive. 

This led to the quest for automating this repetitive process of asking the same questions and gathering the same data, and with that automation process, Termageddon was born.

Business After GDPR

Businesses were thrown another “privacy curveball” in 2014 when the EU passed GDPR. Today, companies don’t just have to worry about privacy laws in the U.S., they now have to worry about international privacy laws.

GDPR standardized the privacy laws for all the EU countries. The US has not taken that step yet, so business owners and the public must grapple with a bevy of very complex privacy laws in each state.

Consenting to Privacy Policies

From the consumer standpoint, it’s very difficult because these state privacy laws require all these disclosures, making privacy policies really long, really difficult to read. There’s a lot of information there. It’s very hard for consumers to understand which privacy rights apply to whom. The privacy laws also don’t explain the gray areas like how they define a resident, and when a person officially becomes a resident of a state.

Pitfalls of the Patchwork

Different state laws have different definitions of what it means to sell data. But some companies are saying, we don’t really sell your data, but according to California’s law, we do. 

This makes it confusing for both businesses and consumers to understand what their privacy rights and obligations are.

Links:

Termageddon

IAPP Committee

ABA Committees

Donata on LinkedIn