Category Regulations

Responsive Infrastructure for a Flickering Policy Regime

By 2023, 75% of the world will be subject to modern privacy regulations, according to Gartner. 

The United States is in the eye of the storm, where jurisdictional complexity in data privacy is rapidly reaching Category 5 intensity. In California there’s the CCPA and now the more draconian CPRA. Virginia has enacted a new data privacy law, which, of course, is not the same as California’s. To underscore the mounting complexity, New York is contemplating a law that has elements of affirmative/opt-”in” consent -- something present in neither Virginia nor California law

In addition to new sets of regulations, existing regulations are in flux. California’s move from CCPA to CPRA is instructive: CCPA was on the books for less than two years before its successor, CPRA, was enacted, and there: 

“the prospect of further rulemaking will make it hard for companies to take significant steps toward compliance, as the CCPA rulemaking experience has demonstrated the potential for rulemaking to create significant changes”.

Just as we have failed to develop coherent, unified regulations regarding climate change, migration, trade, and many other dynamic, cross-border phenomena, it is unlikely privacy regulations will congeal into a unified, global standard. 

As regulations and their interpretation evolve, keeping up with a flickering regulatory climate shouldn’t require expensive feats of engineering in support of ad-hoc compliance programs.

Playing whac-a-mole is not a viable or durable strategy for data privacy.

Compliance tools must provide the flexibility to respond to new and changing regulations, with the granularity to build tailored privacy programs across multiple regions, and the connectivity to data systems that ensures policy stances are realized and enacted, rather than lying inert in a document or privacy policy somewhere. 

At Ketch, a mastery of data control solves for jurisdictional complexity, and future proofs your business against the impending storm. Our Deploy-Once, Comply-Everywhere Policy Center leverages the building blocks of modern privacy, applied to granular data sets to provide the flexibility and adaptability to respond to new and shifting global regulations:

  • Individuals about whom you hold data -- who is it about
  • Categories or attributes of the data -- what is it
  • Uses, or purposes of data processing -- how can you use it
  • Legal basis for processing, by jurisdiction -- why you can use it based on where the individual is located

The leaders in the data privacy revolution are recognizing the rising urgency of data privacy and are re-tooling to meet it. They are adopting responsive and responsible infrastructure that future-proofs businesses against the constant flickering in privacy codes, regulations, and norms.