This post is part of our 2023 cybersecurity prediction series.
Jeff Sizemore, Chief Governance Officer, Egnyte
With personal privacy increasingly viewed as a global human right, data privacy gained much-needed momentum in 2022 with the passage of U.S. state-level laws and introduction of the federal American Data Privacy and Protection Act (ADPPA). And with 10% of U.S. states to be covered by privacy legislation by the end of 2023 (California, Virginia, Colorado, Connecticut and Utah), movement toward a federal law is not a matter of if but when. Federal legislation will allow the U.S. to align with other nations on data privacy and continue the motion so others can follow suit. It will also provide vendors and users with more clarity on how to use, store, and manage sensitive data.
Regardless of a new federal law or a series of state laws, privacy regulations will keep coming in 2023, and we will continue to see them appear across industries. For example, the Consumer Financial Protection Bureau recently began rulemaking around personal financial data rights under the Dodd-Frank Act.
Therefore, organizations must respect data privacy and stay on top of rapidly-evolving regulations. This includes the Cybersecurity Maturity Model Certification (CMMC), which is anticipated to go into effect by the U.S. Department of Defense inMay 2023. With enforcement of these regulations becoming more strict, I also expect fines and litigation for noncompliance to increase in the new year.
###