Printer Friendly, PDF & Email

Privacy: No longer a check-the-box function

Daniel Solo ( is the founder of New York–based Second Line Advisors, an executive search firm for risk management, compliance, financial crime, data privacy, legal, and regulatory affairs. Brooke Sweeney ( is an associate at Second Line Advisors.

While the United States is typically known for having the toughest regulatory standards in financial services globally, it has fallen short in the privacy regulatory landscape.

The European Union has led the way in the fight to protect consumers’ personal data with the implementation of the General Data Protection Regulation (GDPR),[1] which went into effect on May 25, 2018. Brazil has also passed a substantial privacy regulation, the General Data Protection Law (LGPD),[2] which will go into effect in August of 2020. The United States’ first state-level data security regulation—the California Consumer Privacy Act[3] (CCPA)—went into effect on January 1, 2020. Many other states are beginning to introduce their own privacy bills too.

These regulations, however, are difficult to fully interpret and require clarification. Before the CCPA went into effect, over a dozen amendments were made to address and clarify ambiguous clauses of the regulation. Furthermore, CCPA and these new state-level legislative proposals are far from being a federally encompassing law in the way that the GDPR is for the EU. Nevertheless, the acceleration of global regulation is triggering an increased awareness of privacy from not only institutions that are collecting massive amounts of data, but also from consumers themselves, who are becoming more informed about their personal information and how it is being used.

This document is only available to members. Please log in or become a member.