Chief Operating Officer James Barham featured in Help Net Security – click here for the full article.
What is the biggest difference between the EU and the US when it comes to data protection?
The culture around data protection. In the EU, legislation and regulations have the rights and privacy of the individual as the central focus, whereas in the US the focus is on protecting big businesses from the consequences of a breach. What we’re beginning to see, however, is that US consumers are moving away from companies and brands that they no longer trust. Not taking data protection seriously is at best damaging and, as we’ve seen with Cambridge Analytica, at worst can destroy your business.
What approach will the US take to data protection?
Rather than a complete adoption of the GDPR, which is now in effect, there will be portions introduced into US law over time. We’re already beginning to see this with the California Consumer Privacy Act, which is concerned with what information is being taken. Unlike the GDPR, companies won’t have to get express permission to handle this data, but with consumers’ attention being drawn to what information is taken, it’s inevitable that express permission will soon be under the spotlight too.
Where does PCI compliance fit into all this?
Credit card companies have addressed data security with the creation of PCI DSS. Although PCI DSS must be implemented by all who handle cardholder data, a formal validation of PCI DSS compliance is not mandatory, nor is it required by federal law in the US. However, US companies who aren’t PCI DSS compliant when they experience a security breach are subject to penalties from credit card companies. As data protection laws become tighter globally, it is essential that companies keep data storage to a minimum. When it comes to PCI compliance, the best way to ensure that credit card details are not at risk is to not store them in the first place.
To discuss de-scoping your contact centre, get in touch with one of our experts.