Your data is at risk in North Carolina – the state needs to up its privacy protections

Editor’s note: Tom Snyder, executive director of rapidly growing Raleigh-based RIoT and a thought leader in the emerging Internet of Things, recently joined WRAL TechWire’s list of top drawer contributors. “Datafication Nation” premiers today. His columns will be part of WRAL TechWire’s Startup Monday package.

+++

RALEIGH – Data privacy regulation is an important issue for businesses and individuals alike, and rightfully so, it is a topic that is gaining increasing visibility. As we enter next year’s election cycle, we should challenge candidates at the state and federal level to be clear about their policy goals to protect individual data, weighted against the often conflicting goals of big tech and big business.

How does North Carolina stack up today, in terms of consumer data privacy protection?

At this time, North Carolina relies on generalized consumer protection laws as an umbrella to govern data practices. These laws mostly focus on protecting consumers from data and identity theft, but are weak in protecting consumers from how companies collect and use personal data within their businesses.

By comparison, states like California have enacted comprehensive data privacy legislation through California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This legislation has much stronger rules to protect consumers and higher penalties to deter noncompliance.

Europe has long been the leader in strong data privacy legislation, through the European Union’s General Data Protection Regulation (GDPR). CCPA and CPRA are still not as strong as GDPR, but other states are following California’s lead and beginning to catch up to the EU. Encouragingly, this topic is becoming bi-partisan. Several blue states were the first to put strong regulations in place, but now we see red states like Montana standing up to the big tech lobby to institute important protections like:

• Universal opt-out of data collection as a default position
• Defining “sale” of personal data as any means of profiting off the data, even if there is no dollar exchange when transmitting that data to a 3rd party. (A common loophole for big tech to profit from personal data after consumers believe they had opted out of their data being sold).

Here is a comparison of data privacy regulation in North Carolina to California and the EU:

Protections:

• EU – Comprehensive regulations for how companies can access, control, process and use data. Consumers are granted rights to access, delete and control data.
• CA – Similar to GDPR, including the right to opt-out of the sale of personal information and the right to not be discriminated against for exercising privacy rights
• NC – Limited to protecting data and identity theft

Scope:

• EU – Applies to all organizations of all types and sizes, including companies outside the EU but operating (digitally) locally. Companies must obtain explicit and unambiguous consent before processing personal data.
• CA – Applies to companies that meet specific criteria like having annual gross revenue above a defined threshold, or processing a significant amount of CA resident data.
• NC – Does not have specific data protection regulations beyond data security

Penalties for non-compliance:

• EU – 20M Euro or 4% of Global Annual Revenue, whichever is higher.
• CA – $7,500 per violation with no maximum limit
• NC – $5,00 per violation with a limit of $500,000 per data security breach.

North Carolina has a long path to climb to achieve the level of privacy protection that its residents deserve.

More from Datafication Nation:

Hardware’s power is on the rise – and your data is helping fuel the way

The post Your data is at risk in North Carolina – the state needs to up its privacy protections first appeared on WRAL TechWire.