Data Protection Regulations and Opportunities You Should Know

The biggest news in data protection in the last several years was the GDPR changes in the European Union. Those privacy updates gave consumers the right to know what data a company collects. Furthermore, it aimed to hold companies more responsible for the data they collected.

However, GDPR was just the first wave of regulations to impact the way IT leaders approach data protection and privacy. There’s no question that privacy, compliance, and data management will be an increasingly important IT responsibility. So here are some trends and upcoming regulations and opportunities to keep in mind.

Privacy Has a Global Reach

There are a few things to understand about GDPR. These apply to other upcoming regulations as well. First of all, most privacy laws have a broad range of coverage. For example, GDPR applies to more than just EU firms. The laws protect citizens more than they regulate companies. That is to say, if an EU citizen uses an American service, that business will have to comply with GDPR. The goal is to protect the individual.

That’s why global technology companies like Facebook, Apple, and Google have to comply with GDPR. Their user base lives in the EU. If you operate a global business, know that you must abide by the rules in each country and region you do business in. Some laws contain cutoffs and qualifications, as we’ll see in California’s laws. However, GDPR and others will apply to any company that keeps data about customers on hand.

Expect Laws from the State and National Level

At first, GDPR may seem like this monolithic law. As such, it has set off a course of action that will begin to affect the United States. Already, at the state level, privacy laws are coming into effect. Like GDPR, the different state laws apply to businesses that serve anyone in that state. Consider a few examples.

One of the most stringent data laws is California’s CCPA. The biggest outcome of this law is that customers can file class-action lawsuits against any company who mishandles their data. Additionally, the state of California can charge the company a fee per person impacted. In Colorado, the law now reads that data destruction procedures, one of our services at Securis, must be documented. 

The responsibility rests on the firm to ensure they have the right processes in place to protect consumers. Thus, state law requires that a firm comply and document its methods. Finally, Oregon tightened up the language about security audits and breach notifications in their state law. Each business must take on a proactive approach, especially in their communication with customers.

All of these are examples of what’s going on at the state level. What about at a national level? Until recently, data laws have not been a priority at the national level. In fact, aside from HIPPA laws in the health sector, there really isn’t a single, unified policy on data privacy in the United States. That may change, however, and more voices want a federally enforced privacy law. Keep an eye out for these discussions. Federal laws will have wide-sweeping effects.

Data Protection Will be a Requirement for Smaller Firms

Just as data laws are becoming more widespread, they’re also starting to affect smaller businesses. Take California’s CCPA law. CPPA requires a business to comply if they meet one of the three qualifications. First, the business earns over $25 million in revenue. Second, they possess the data of over 50,000 individuals. Third, they earn more than half their annual revenue by selling customer’s personal data. 

Most small businesses wouldn’t match those requirements. Still, it doesn’t take a huge corporation to hit $25 million in revenue. In the future, these laws could apply to smaller companies. Begin preparing now to comply with the data privacy laws that affect your customers.

Privacy Compliance Has Its Benefits

Data regulations require firms to stay on their toes and comply with strict laws. However, that doesn’t mean there aren’t any advantages to protecting consumer data. Cisco, in their 2019 Data Privacy Benchmark Study, found some interesting results. When a company complies with data protection laws like GDPR or state-level regulations, they experience a shorter sales cycle. How so?

Well, it comes down to customer trust. When a company complied with data protection laws, the customer trusted them more. Those firms shrunk sales delays from 5.4 weeks to 3.4 weeks. Cisco also found that complying companies had fewer breaches and less system downtime. As it turns out, clients and customers care about their data. By having the right systems in place, you’ll save time, money, and headaches both in the sales cycle and in day-to-day operations.

Another study by Forrester and Evidon found that companies complying with data protection regulations expected several outcomes, including improved customer satisfaction, customer loyalty,  brand perception, and deeper customer engagement. Don’t let fines motivate you, let customer-centric data protection be a highlight of your brand.

Securis Can Help You Comply

At Securis, we specialize in data destruction and IT recycling. This means cleaning up your IT equipment digitally and physically. Our goal is to protect your data by destroying it. Furthermore, e-waste, or outdated and thrown away computers, electronic devices, etc., fill up landfills and are potentially toxic to the environment. 

We dispose of these in safe, compliant ways, saving you the headache of figuring it out on your own. We maintain federal and state standards on all our practices and help your business prepare for the incoming data privacy changes. Contact us for a free quote.

SERI Makes Revision of R2 Certification Standard

Are you in the market looking for a good e-waste recycling partner? Or are you currently working with a partner and you think it’s time to renew your terms? Either way, here’s something you need to know. The Sustainable Electronics Recycling International (SERI) recently revised their R2 (Responsible Recycling Practices) standard. 

R2 director, Sean De Vries, presented the third version of the R2 standard known as R2V3 during the National Recycling Coalition (NRC) and the Pennsylvania Recycling Markets Center (RMC) Sustainable Materials webinar series in March 2019. According to Sean De Vries, the new standards are likely to be “more effective of the time we’re in.”

But before we get into what the revised standard entails, here’s a word about SERI.

About SERI

SERI is an ANSI-accredited standards developer best known as the creators of the R2 Standard, which outlines best practices for electronics repair and recycling issues around the world. 

As part of the Manual of Policies and Procedures for R2 development, SERI states that certification standards are required to be continuously improved and updated regularly.

These updates are implemented by an independent board who decide the on the changes to be made to the standard. Think of them as the gatekeepers for everything that concerns electronics recycling in any industry

They get together regularly to review and revise the standards to ensure they are up to date with the latest industry developments. And every five years, a select committee that called the Technical Advisory Committee (TAC) reviews everything to make sure it complies with best practices. 

The TAC has been reviewing the R2 standard since 2015, and it consists of different types of stakeholders, ranging from recyclers and electronics manufacturers to other certification agencies. As of today, there are 28 active members on the TAC. And members span four continents.

What the revised standard entails

The new version of the R2 standard maintains all the general principles of the original R2. But it aims to make them easier to understand. For instance, it has new rules about destroying data contained in electronics up for recycling. And adopting environment-friendly practices while recycling.

These new rules have come about because of the realization of the value of data in recent times. “Everything really contains data, so it has to be treated that way,” said  Sean De Vries. “Small devices, such as cross-function devices that look like a watch but function as a computer, can contain quite a lot of information.”

The new standards will also have additional details about how different facilities should approach their electronics recycling process. With more than 800 facilities in 35 countries holding R2 certifications, these new changes will be designed to help the recycling industry raise the bar and ensure everyone’s doing the right thing.

The changes will highlight issues such as data sanitization and test, repair and reuse. It will also recognize specialty services and expertise. And it will provide flexibility for how recycling companies carry out their operations under the new standard. 

In effect, version 3 will move away from being rigid to more flexible. It will provide industry experts enough room to adopt the standard to their natural workflow. At the same time, it would also ensure that the processes they follow are more transparent to the customers as well. 

Suffice it to say that the new standard would perhaps allow for smoother and clearer handling of electronics. This goes for manufacturers as well as recyclers.  R2 certified organizations will be given time to change to version 3 until the summer of 2021. That is a two-year long period to go through the details. And it allows them to see what applies to their business model and determine what changes need to be made.

If you’re looking for a new recycling partner, it’s essential to stay up to date on the upcoming changes in the R2 standards. You want to pick a partner who knows the R2 standard in and out. And who understands the implications of the new revisions.

As an R2 certified company, Securis can help you navigate through all the upcoming changes and ensure your company remains compliant when disposing of its electronics. For more information, contact us today.