Are Current Data Privacy Laws Prescriptive Enough?

In a Help Net Security interview, Bill Tolson, Vice President of Compliance and eDiscovery at Archive360, discusses how to ensure that privacy is built into the design process and how government agencies keep making new privacy rules while end users fall victim to malpractice and scams. Today, organizations are required to capture, index, secure, and dispose of all personal identifiable information (PII) based on different state, federal, and foreign data privacy laws. Tolson explained, “Technologies and processes must be designed to encompass all data, with processes built-in early to simplify capture, scanning, retention, search, and retrieval.” When asked if individuals will ever be able to control how their information is used, Tolson replied that prescriptive data privacy laws and aggressive enforcement that compel companies to invest in innovative technologies and best practices remain the best remedy to privacy violations. 

Tolson believes that to securely handle sensitive data, it takes a potent combination of technologies, policies, and practices, all with boardroom support. Says Tolson, “The idea that we can’t work with data without violating data privacy rights is ludicrous, even offensive. We need more enforcement, the possibility of individual data subject litigation, and larger penalties. Companies doing it right have nothing to worry about; strict sanctions can persuade the rest.”