9ine Insights | Latest news from 9ine

New Data Protection Agency Addressing US Privacy Crisis

Written by 9ine | Feb 21, 2020 12:14:08 PM
Last week, US Senator Kirsten Gillibrand (D-NY) published a bill that, if passed, would create a US federal data protection agency designed to protect the privacy of Americans and with the authority to enforce data practises across the country. The bill, which Gillibrand calls the Data Protection Act, will address a "growing data privacy crisis" in the US, the senator said. This marks a significant step forward for the United States. Not only will the new act create new data protection rules, but it will also establish an independent federal agency to regulate and enforce those rules.

This new data protection agency will have specialist knowledge in technology, data protection, civil rights, law, and business and will have the power to impose civil penalties for data breaches across the public and private sectors. The US is one of only a few countries without a data protection law (along with Venezuela, Libya, Sudan, and Syria). Gillibrand said the US is "vastly behind" other countries on data protection.

In a Medium post, Gillibrand wrote that Americans “deserve to be in control of their own data.” Gillibrand’s bill lands just a month after California’s consumer privacy law took effect, more than a year after it was signed into law. The law extended much of Europe’s revised privacy laws (GDPR) to the state.

So, what does this new bill mean for schools?

Having guided schools worldwide through a similar journey with the introduction of the EU General Data Protection Act, there are a number of things that schools should start doing now to prepare for the changes that the new Data Protection Act may bring.

  1. Understand what data you are processing; consider what you are collecting, why you are collecting it, how long you need to keep it, and what measures you have in place to protect it.
  2. Raise awareness within your school community about the new Act and consider what working practices might need to change in order to create a culture of data protection.
  3. Start to make inquiries with your school’s third-party suppliers about how they protect the personal data the school shares with them. Prioritize those that carry the most risk with personal data so that these can be considered when the new law is introduced.
  4. Start by identifying any roles within your school's leadership team that might have scope to take on additional functions to manage data protection compliance across your school.
  5. Make your friends before you need them! Now is a good time to start building a community of trusted advisers. Make time at industry conferences to talk to consultants such as 9ine so that you can find the right solutions for your school’s specific challenges well ahead of time.

About the Author: 

Heidi-Anne O’Neill is 9ine’s in-house Data Protection Solicitor. She has been qualified for fourteen years and has spent the last eight years advising in the area of information law. As a result of many years spent in local government, she holds both a Data Protection Practitioner and a Freedom of Information Practitioner Certificate. She is pleased to be part of the team at 9ine and looks forward to assisting clients on their journey towards data privacy compliance.