How to Regulate Private Data


GDPR. HIPAA. FERPA. AFAPDP. INAI. What do all these acronyms have in common? They’re all data privacy laws that govern the collection and use of private information. For businesses that collect consumer data, it’s essential to understand what regulations you must comply with and how to do so. This may be somewhat less of a challenge for structured data, but the increasing amount of unstructured data is making it difficult for companies to track and securely store all the different types of sensitive information they have.

That’s where sensitive data discovery comes into play. By identifying what sensitive data you have, you can make better business decisions to comply with various data privacy regulations. Keep reading to find out more about how private data is regulated in certain countries and states and how to better protect private data.

What Are Data Privacy Regulations?

Data privacy acts are laws passed by state or federal governing bodies to protect the personal data that various entities gather and use. These regulations lay out requirements on how data should be collected, stored, and protected—based especially on how sensitive that data is. For example, data protection and privacy issues often address how data like personal identifiable information (PII) and personal health information (PHI) are handled.

PII and PHI can include both structured data (data—often numeric—that is easily stored in traditional databases) and unstructured data (data—often textual—that doesn’t have pre-defined models and cannot be stored in traditional databases). Examples of structured data include Social Security numbers and dates of birth, while examples of unstructured data might include email exchanges or medical records. 

Data Privacy Laws by Country

Most countries in the world have some sort of data privacy law, although the contents of those regulations and the requirements they place on organizations that collect data vary significantly. Examples of data privacy laws in countries include:

  • Europe: Organizations that operate in the European Union and European Economic area must follow the General Data Protection Regulation (GDPR), which is one of the most comprehensive data protection regulations in the world.
  • Japan: Organizations that collect personal data from Japanese citizens must comply with the Japan Act on the Protection of Personal Information (APPI). This law is similar to the GDPR, and most organizations in compliance with the GDPR will also be in compliance with the APPI.
  • United States: The United States does not have a singular federal data privacy and protection law. Instead, regulations like the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), and the Electronic Communications Privacy Act (ECPA)—among many others—regulate the collection and use of certain types of data in specific circumstances.

Data Privacy Laws by State

As we mentioned, the United States does not maintain a singular, federal data privacy and protection law. However, some states have adopted them, making US data privacy laws in 2022 and beyond somewhat complex—especially for companies that operate in multiple states. The International Association of Privacy Professionals reports that as of August 2022, five US states have privacy legislation: California, Colorado, Connecticut, Virginia, and Utah.

For example, California’s Consumer Privacy Act (CCPA), gives California residents the right to access their data, request deletion, opt out of the sale of their data, and more. Of note, the CCPA applies to both structured and unstructured data, which means that organizations that the CCPA applies to must enact policies and procedures to store all kinds of data–even data that cannot be stored in a database.

What Are the Methods of Protecting Data?

Every individual data privacy law has its own requirements. Companies operating within these jurisdictions must ensure they are complying with these regulations, or else they face steep fines or other penalties. With that said, there are 5 methods of protecting data that are commonly required across nations. These can serve as a guidepost for companies looking to refine their data privacy and protection policies.

  • Access: Consumers and users have a right to view the data and information that has been collected about them. Additionally, they also have the right to contest or update that data should they believe it is inaccurate or incomplete.
  • Awareness: Before an organization collects or uses any personal data, consumers should be given the opportunity to review the organization’s information privacy and security policies. This includes how their data will be used as well as how it will be secured and stored.
  • Consent: Consumers have a right to consent to how their personal data is being collected, used, and stored beyond the necessary use to complete a transaction. For example, user data should not be used to send marketing promotional materials without consent.
  • Enforcement: Laws and standards around privacy protection are put in place for a reason, and organizations that fail to comply with them may be issued penalties. This might include operational penalties, fines, lawsuits, and more.
  • Security: Organizations should take reasonable steps to develop systems or infrastructure that can safely store sensitive data. This includes things like limiting access, storing data on secure servers, and data encryptions.

Govern Your Unstructured Data with DryvIQ

The best way to protect your business against the risks associated with data privacy regulations—especially when it comes to unstructured data—is to discover what vulnerabilities you have and learn how to address them. The fact is: unstructured data is growing at a rate of 50% per year. The sheer volume of documents, images, audio files, PDFs, text messages, and more are significant risks if they are not handled correctly.

With DryvIQ, you can decrease your risks with an AI-driven platform that can:

  • Discover your unstructured data.
  • Classify sensitive data—at scale.
  • Improve your security compliance.
  • Increase agility without hindering productivity.

Ready to learn more? Set up a demo to see the DryvIQ platform in action.

Icon D DryvIQ logo