This new data protection agency will have specialist knowledge in technology, data protection, civil rights, law and business and will have the power to impose civil penalties for data breaches across the public and private sectors. The US is one of only a few countries without a data protection law (along with Venezuela, Libya, Sudan and Syria). Gillibrand said the US is “vastly behind” other countries on data protection.
In a Medium post Gillibrand wrote Americans “deserve to be in control of their own data.” Gillibrand’s bill lands just a month after California’s consumer privacy law took effect, more than a year after it was signed into law. The law extended much of Europe’s revised privacy laws (GDPR), to the state.
So, what does this new bill mean for schools?
Having guided schools worldwide through a similar journey with the introduction of the EU General Data Protection Act, there are a number of things that schools should start doing now to prepare for the changes that the new Data Protection Act may bring.
- Understand what data you are processing, consider what you are collecting, why you are collecting it, how long you need to keep it for and what measures you have in place to protect it.
- Raise awareness within your school community about the new Act and consider what working practices might need to change in order to create a culture of data protection.
- Start to make enquiries with your school’s third party suppliers about how they protect the personal data the school shares with them. Prioritise those that carry the most risk with personal data so that these can be considered when the new law is introduced.
- Start to identify any roles within your school leadership team that might have scope to take on board additional functions to manage data protection compliance across your school.
- Make your friends before you need them! Now is a good time to start building a community of trusted advisers. Make time at industry conferences to talk to consultants such as 9ine so that you can find the right solutions for your school’s specific challenges well ahead of time.
About the Author:
Heidi-Anne O’Neill is 9ine’s in-house Data Protection Solicitor. She has been qualified for fourteen years and has spent the last eight years advising in the area of information law. As a result of many years spent in local government, she holds both a Data Protection Practitioner and a Freedom of Information Practitioner Certificate. She is pleased to be part of the team at 9ine and looks forward to assisting clients on their journey towards data privacy compliance.