Published OnDecember 17, 2019We live in an age where we have the ability to collect and utilize more data than ever. Data compliance is critical to managing your data privacy.
We live in an age where we have the ability to collect and utilize more data than ever. As the amount of data we’re responsible for increases, so do concerns that we’re handling it properly. Data compliance refers to statutes and regulations that provide accountabilities, processes and operational obligations for the collection, storage, format and use of data. Understanding what you need to do in order to comply with regulatory requirements can both foster consumer trust in your organization, and allow you to operate smoothly and effectively.
The laws that regulate data compliance vary greatly depending on jurisdiction. Laws related to media and format are data requirements that specify the format regulated, such as analogue and digital formats. Media and format regulations may include guidance on how to preserve corporate or common seals, and are typically stamped as additional evidence that a document was executed on behalf of an organization. Some jurisdictions may make a distinction between permissibility of electronic signatures, which may provide the same legal standing as a handwritten signature as long as it adheres to the requirements of the relevant regulations, versus wet signatures, which require an individual to physically sign a document. Wet implies that it requires time to dry, signifying a physical mark was made. Some countries like the United States have adopted laws that verify the legal effect of signatures, contracts or records relating to transactions in electronic form. Certain exceptions apply, like where there are statutes, regulations or rules of law that govern the creation and execution of wills, testamentary trusts and specific matters of family law. 
Jurisdictions may require organizations to abide by data transfer statutes or regulations. Data transfer, also known as cross border data transfer or data transmission, restricts or controls the transfer of the data from one location to another and typically from one jurisdiction to another. In the European Union, the General Data Protection Regulation (GDPR) prevails for data transfer, with certain safeguards in place like the EU-US Privacy Shield, which protects the rights of anyone in the European Union whose personal data is transferred to the United States for commercial purposes. On the United States side, the Federal Trade Commission has the authority to enforce the same under Section 5 of the Federal Trade Commission Act. Other jurisdictions may require individuals, corporations or organizations to comply with data sovereignty laws. These regulations or statutes require those who must abide to verify that digital data exists only at allowed geographic locations. They may contain mandates such as “user or transaction data must be kept within the country.”
Data privacy regulations are those that require entities to protect personal data through various aspects of compliance such as access, restrictions and consent to prevent the unauthorized access and/or use to personally identifiable information (PII). As more and more states enact data privacy laws, organizations need to effectively balance the rights of individuals and their information with the value the data provides to free enterprise.
These varied statutes and regulations offer guidance for processes and duties related to the collection, storage, format and use of data. Data compliance concerns may be more nuanced based on the specific industry, such as the financial services sector. There are increasing complexities as regulators are paying close attention to compliance in relation to data privacy. As a data controller, it’s vital to understand what data you have, how it’s classified, and how data compliance requirements differ from retention requirements. An organization can thrive if they continually educate themselves on the regulatory requirements surrounding data as the data compliance world evolves.
 15 U.S.C. § 7001.
 15 U.S.C. § 7003.
 GDPR, Article 45(1-3).
 15 U.S.C. § 45(a)(4)(A).