Name and give a brief description of at least two (2) major legislative acts that address how companies are to retain and/or protect client data, or audit internal controls.
The two legislative acts to be described below are The General Data Protection Regulation (2018) and The California Consumer Protection Act (2018).
1. The General Data Protection Regulation (2018)
This Act was introduced after the Act which was introduced in 1995. Since that period, data breaches have skyrocketed. There are 99 articles in the Regulation, which give details about the rights of an individual and the obligations that companies and firms have to follow. However, the focus was placed not only on big corporations but on startups as well, as they are more easily prone to data breaches due to insufficient security measures.
The measures included in the new ruling are:
a) Companies that share the information of their clients need to have the nod of the people whose information is being shared with others.
b) Documentation is required stating the reason or the purpose for which the data is being collected and shared. The process of documentation has become more stringent and needs to be relevant to the activity conducted by the organisation. One would be surprised to know that the giant search engine in China, Baidu, had once failed to protect the data of its users.
c) Corporations with 250 employees have to disclose the reasons, documents and the security measures adopted to protect the data.
d) On the other hand, consumers can freely ask companies about the data held on them, which empowers them to have more control than the companies themselves and can entail big fines.
e) To motivate companies to pay attention to this measure, the penalties can go up to a staggering 20 million euros or even 4% of global turnover. There are indirect measures to support the companies that work on data protection while discouraging other companies that do not treat this matter seriously, much like a strict taxation regime.
2. The California Consumer Protection Act (2018)
The California Consumer Protection Act is mentioned after the GDPR, 2018 because it was enacted into law after the General Data Protection Regulation, 2018. This regulation was mostly an extension of GDPR, 2018 to the residents of California. Listed below are some features of the Act:
a) Who does it envelop? It includes organisations with annual gross revenue of $25 million, those involved in commercial activity with the personal information of 50000 people or more, and finally companies whose sales have a 50% or more contribution from activities involving personal information.
b) Rights of the consumers: people have the right to know what information about them is being collected, why it is being collected and to whom it is going to be sold. Besides this, they can opt out of giving their information and erase their data from the database of the companies.
c) Damage caused to a resident by data theft can be $100 to $750 per citizen. It can go up to $7500 for intentional violation of the Act and $2500 for unintentional violations.
d) The definition of personal information has been elaborated to encompass more. It includes not only the identity of a person; behavior, interests and much more have also been covered in the definition.