August 28, 2018 | Scott Hines
By now it's safe to assume you've heard of GDPR and maybe even CCPA (especially if you're operating in California), but do you really know what they mean? Or if they apply to you? Or to your business? In a world where we increasingly share personal information we must reject the idea that privacy is outdated. In fact, we need it now more than ever.
Who Really Owns Your Data?
If you run a field services operation, you know that your business collects data: LOTS of data. Data about your jobs, data about your employees, data about your customers, etc. Even modest-sized field service operations can hold millions of records of information.
You might think that your business owns that data. You collected it, you paid for it, it should belong to you, right? Wrong. Laws are changing. If the data that your business collects is information about individual consumers, it probably does not belong to you. It belongs to the individual. Even though the data resides on your computer, even though you paid for it, even if it is information that is unique to your business, if it describes a real person, it belongs to the individual, not you.
This is because legislators all over the world are rushing to pass new consumer privacy laws. Laws like the EU General Data Privacy Regulation (GDPR) or the California Consumer Privacy Act (CCPA) create a new fundamental human right, the right to control your data. These laws say the data about individuals belongs to them, not to the companies that collect the data. And the lawmakers are giving these laws teeth. Companies face millions of dollars in penalties for failure to comply.
That means all of the information that you are storing on your computers could be toxic to your business.
Does It Apply To Me?
Many of you reading this might say, “this can’t really apply to my business, can it?” The answer is maybe. But even if you aren’t affected right now, be assured it’s coming.
In the United States at the time of writing this article, there is no single, comprehensive federal law that regulates the collection and use of personal data. But there is an “alphabet soup” of overlapping federal and state data privacy laws that have been established, including HIPAA, FCRA, FTCA, GLBA, and CAN-SPAM. (Extra credit for anyone who knows without looking on the Internet what each of those acronyms stands for!) This means that the majority of businesses operating in the USA today face some form of federal data protection regulation.
In addition to the alphabet soup of federal laws, there are also numerous state laws that regulate data protection. Beyond the California CCPA law, 13 additional states, including Florida, Massachusetts, and Texas, have data protection bills currently moving rapidly through their state legislatures to become laws.
This means that over the next several years, virtually every business in the USA will be required to operate under some form of consumer data privacy regulation.
If you’re operating a field service company, that means you too.
What Do These Regulations Require?
Although each of these regulations uses different language, different penalties, and different applicability, each basically tries to establish a set of fundamental rights that protect citizens from others using their data in ways that are detrimental to the individual. This set of fundamental human rights in some ways forms a Personal Privacy Bill of Rights based on the following principles:
- Control – Individuals have the right to be able to control how organizations collect and use their personal data.
- Transparency – Individuals have the right to easily view and understand what information businesses are collecting about them and how they are using that information.
- Accuracy – Individuals have the right to cause organizations to correct any inaccuracies in the data collected and used about them.
- Deletion – Individuals have the right to cause an organization to delete information collected about them and to “be forgotten”.
- Purpose – Individuals have the right to require organizations to only collect and use data about them within the reasonable context and purpose of the business.
- Security – Individuals have the right to require organizations to keep the information they collect secure and free from access by unauthorized parties.
- Accountability – Individuals have the right to cause organizations to keep records that provide the evidence that demonstrates that they have operated according to regulations.
What Should I Do?
In the words of Douglas Adams, “Don’t Panic”.
In our next post we'll cover things you can do to minimize your exposure, minimize your costs by automating your compliance, and turn data protection into a competitive advantage for your business.
To learn more about how AgileField can keep your business compliant, please request a demo to speak with one of our product consultants.