Data privacy is an important part of running a successful business. Many organizations, however, are struggling to implement the right sensitive data management techniques to ensure that their customer and employee data are as safe as possible. And in a world where data breaches are at an all-time high, it’s absolutely vital for organizations to do what they can to keep their personal identifiable information (or PII) protected.
Luckily, it looks like some legal regulations could contribute to the growing need for better PII data protection. A pending bill on Beacon Hill in Massachusetts could potentially create the best data privacy legislation in the country.
Let’s take a look at the potential impact of the pending Massachusetts data privacy law on consumers as well as companies.
Everything You Need to Know About the New Massachusetts Data Privacy Law in 2021
Whether your organization deals with minimal personal information or struggles to maintain excellent payment card industry(or PCI) compliance, it can be difficult to form the right protocols to keep sensitive data safe. The Massachusetts Information Privacy Act (Bill numberH.142 & S.46) could provide the right direction for organizations to establish a top-notch data privacy plan.
What is the Massachusetts Information Privacy Act?
The goal of the Massachusetts Information Privacy Act, or MIPA, is to protect consumers from the nonconsensual use, collection, and monetization of personal information. Specifically, the Act is designed to protect the specific location of data and biometric data in general, as well as to prohibit discriminatory practices based on personal consumer and employee data.
According to the bill introduced byRepresentatives Vargas, Rogers, and Creem, the solutions the Act could provide include the following:
- The protection of sensitive personal data from unwanted use, collection, and financial gain.
- Help individual consumers take consent to data use more seriously.
- Prevent organizations from coercing data provision consent from consumers.
- Prevent potential digital discrimination, especially against marginalized prospective employees.
- Prevent organizations from selling, trading, or using information about consumer locations.
- Prevent organizations from collecting biometric data that is not included in the necessary consent provided by consumers.
- Protect employees from unnecessary digital monitoring while they are working.
- Even out the gap between consumers, work force individuals, and organizations.
- Develop a new agency called to Massachusetts Information Privacy Commission to serve as the regulatory authority of MIPA to ensure compliance.
- Utilize processes and approaches from other jurisdictions that have passed similar laws, such as California and Illinois.
These potential solutions are excellent, but how will MIPA actually impact organizations in the U.S. if it is passed?
How Will the Massachusetts Information Privacy Act Impact Organizations in the United States?
While the restrictions outlined in the pending Massachusetts law seem like they would be negative for organizations, they can actually be quite a big help. While organizations will be restrained from engaging in certain activities, MIPA provides an opportunity for organizations to meet the mark set by consumers-- better data protection, better transparency, and a better opportunity for trust between consumers, employees, and organizations as a whole. Even if MIPA does not pass in its original form, it could be a great start for better privacy bills in the U.S.
In today’s digital age, it’s very easy for organizations to collect, process, and disclose massive volumes of sensitive information about consumers and employees. Despite how advanced Big Data actually is, the current laws in place don’t really benefit organizations or consumers. In fact, most states don’t even have actual data privacy laws. Massachusetts has a few privacy laws that deal with data privacy rights, but those laws are quite limited and don’t meet the current need. A few of these privacy laws include MGL c.93A, MGL c.93H, and MGL c.214. MIPA could radically improve on these existing laws.
MIPA offers a way to keep larger organizations accountable. Many big businesses don’t really regulate their basic data practices and use consumer data without consent to send targeted ads. The MIPA bill could improve on consent practices that hurt consumers and make organizations seem less trustworthy.
Just as well, MIPA could protect consumers and employees from surveillance problems. There are many new technologies that organizations use in today’s age that involve facial recognition, GPS monitoring, and sensors to contract biometric data about the physical attributes and locations of individuals. This data could be dangerous in the wrong hands. Stalkers and harassers can easily access such tools for nefarious purposes.Businesses can use such technology to hurt individual reputations, prevent marginalized individuals from employment based on discrimination, and scrutinize current employees into miserable work lives.
MIPA could effectively restrict invasive surveillance practices like this that are currently not being regulated. Companies will no longer benefit from profiting from the nonconsensual use of private consumer data. Essentially, MIPA would prohibit organizations from selling and trading employee and consumer data.
There are a few ways that this bill could manifest in real-world use cases. Those who use home security drones that have cameras (such as individuals or whole companies) would need to get written consent from individuals before using facial recognition capabilities on them.Workplace surveillance in Massachusetts could also end entirely.
Again, it might seem like this isn’t good for organizations. However, there is great potential for this law to foster better relationships between businesses, consumers, and employees. While organizations will no longer be able to use surveillance on their employees or steal biometric data from consumers, they will be able to foster a more trustworthy relationship with their customers and employees. This, naturally, could lead to more successful organizations with better reputations.