Data privacy is a priority objective for businesses today, particularly after the European Union's General Data Protection Regulation (GDPR) became enforceable in 2018, as this law protects European citizens’ personal data and requires organizations to change some of their work processes.

Illustrated by Dorathe Victor The Personal Information Protection and Electronic Documents Act (PIPEDA) is well-known if you are an organization based out of Canada. In place for more than 20 years, it sets out rules for how businesses should collect, use, and disclose personal information while dealing in commercial activities. Some pieces of personally identifiable information (PII) that are protected under PIPEDA are name, age, ID number, income, ethnic origin, blood type, and more.

The first months of 2022 began slowly for privacy, but by the end of the first quarter we had our marching orders for the rest of the year. In the U.S., we saw an explosion of state privacy bills being put forward (again), the Senate utilized a seldom used maneuver to push President Biden’s Federal Trade Commission nominee through to confirmation, and Utah became the fourth state to enact comprehensive privacy legislation.

The current cyber threat landscape forces the secure handling of personal data, and data privacy laws such as the General Data Protection Regulation (GDPR) assist in enforcing essential security measures.

Broadly speaking, an information security program is a set of activities and initiatives that support a company’s information technology while protecting the security of business data and enabling the company to accomplish its business objectives. An information security program safeguards the proprietary information of the business and its customers. The Gramm-Leach-Bliley Act (GLBA) has a more specific definition of what a security information program should entail.