Lawmakers continue to wrestle with how to create a singular, federal cybersecurity standard. The latest example occurred in November when U.S. Senator Ron Wyden (D) introduced the Consumer Data Protection Act. It would create a federal “Do Not Track” list allowing consumers to opt out of letting companies share or sell their data and give the Federal Trade Commission more power to monitor companies’ data privacy practices.
Companies could face large penalties for failing to comply. In addition, the bill would add extensive reporting requirements for businesses that collect data on large numbers of customers. In comparison, the General Data Protection Regulation (GDPR) holds companies responsible for “how they handle data but does not require them to certify each year – at the risk of fines and prison time – that they are meeting EU standards.”
“The time has come for companies to have a streamlined and unified approach to cybersecurity,” Tobón said, “which includes systems for data mapping, data inventory and risk assessment.”
Tobón leads Shook’s International Privacy Task Force and has been certified as a Fellow of Information Privacy by IAPP.