One topic likely to continue to dominate in 2019 is how businesses can stay on top of data privacy regulations. By the time the European Union’s General Data Protection Regulation went into effect in May, savvy international companies had already been preparing for months. And with major regulations going into effect in California next year, companies will need to start new preparations and keep an eye out for other laws that get passed in state legislatures around the country.
Many state legislatures in 2018 passed their own cybersecurity or data privacy regulations for businesses, if they hadn’t already. Vermont was the first state to set regulations for “data brokers” — those companies that trade in personal information — and set reporting and security guidelines for them. Colorado made headlines for joining the top echelon of states in consumer protection regulations by setting short reporting deadlines for breaches involving personal information. And while some states, such as Alabama, enacted their very first data privacy laws, California passed a nation-leading consumer protection law that could trigger a new wave of regulations across the country.
The federal government has yet to take on the issue of creating unifying national regulations, which facilitates the “Red Queen race” in states leapfrogging one another to set standards on data privacy.
Where this trend continues in 2019 is anyone’s guess.