IT Legislation and Compliance

by Jon Lober | NOC Technology

Staying On Top of Data Privacy Compliance


How to comply with data privacy laws

For many years, in most industries companies have been able to freely catalog, store, and share digital consumer data with the passion of coin collectors at a convention. In the absence of legislation to regulate data privacy, they have acquired personal details, added them to a consumer’s profile, and sold or swapped them with other companies—filling out their collections with intricate details that helped them identify purchasing habits and preferences. 

 

Though many businesses have taken great pains to protect their users’ data, others have been less respectful. Even for those businesses that do protect their clients’ or users’ privacy, increasingly successful cybercriminals present an added challenge. Data breaches at some of the world’s largest, most sophisticated companies, including Facebook, Microsoft, First American, and LinkedIn among others, serve as a warning that data is not only valuable, but increasingly vulnerable.

 

As a result of this data environment, a few states have begun to implement comprehensive legislation intended to protect consumer data. As of 2023, California, Colorado, Connecticut, Utah and Virginia have all passed data privacy laws intended to protect consumers living in those states. Beyond those expansive local laws, the United States federal government has also implemented a variety of patchwork protections for specific types of consumer data in a few specific industries. These protections include (but are not limited to):

 

  • HIPAA – Healthcare records and communications 
  • FERPA – Student educational records 
  • FCRA – Credit reporting information 
  • FTC Act – App and website privacy policies as well as marketing language related to them 

 
In order to address this wide variety of legislation and the increasing number of stand-alone provisions, the US House of Representatives is currently working on a significant bill, the American Data and Privacy Protection Act. This is the first comprehensive act of its type to clear the committee phase, and if enacted into law, it will completely change the regulatory landscape for any business that collects personal information from its clients.

 

Outside of the US Federal and State legislative environments, other large markets like the European Union and China have already enacted wide-reaching privacy laws that apply to businesses selling to consumers within their borders. As an example, the General Data Protection Regulation (GDPR) gives individual consumers within the EU substantial control over the use of their private data and requires businesses to seek permission to share certain data. 

 

Industry, state, and international data privacy regulations are just the tip of the iceberg. Many local jurisdictions also have their own data privacy laws. Organizations must be aware of these compliance requirements, and they also need to track updates to these rules.

 

By the end of 2024, about 75% of the population will have its data protected by one or more privacy regulations. 

 

Businesses need to stay on top of their data privacy compliance requirements. Otherwise, they can suffer. Many standards carry stiff penalties for a data breach, and if security was lacking when it occurred, fines can be even higher. HIPAA, for example, uses a sliding scale: violators can be fined between $100 and $50,000 per breached record, and the more negligent the company is, the higher the fine.

 

If this all sounds a bit overwhelming, and you are worried about your business staying in compliance with the changing regulatory landscape, here are a few tips. 

 

1. Identify the Regulations that Apply to Your Business

Your organization may be subject to a variety of data privacy rules. A few of these levels could include: 

 

  • Industry (healthcare, financial, minors, loans, and others) 
  • Where you sell (EU or states with comprehensive policies) 
  • State policy 
  • City or county policy 
  • Federal (e.g. for government contractors) 

Take the time to identify which (if any) of these areas affect your business. 

 

2. Remain Aware of Changing Data Privacy Regulation 

Don’t get blindsided by a data privacy rule change, be it local, federal, state, or industry. Stay on top of any changes by signing up for updates on the appropriate regulatory website. The compliance authority’s official website should have a field that allows you to sign up for email announcements about changes that affect your business’s compliance requirements.

 

For example, if you are in the healthcare field you can sign up for HIPAA updates at HIPAA.gov. You should do this for each of the regulations that you determine apply to your business. 

 

As comprehensive state and federal policies rapidly evolve, you will need to try to keep tabs on the policies of the places where you work as well as those where you sell your products and services. Until a comprehensive national policy is implemented, search for news updates every few months to see which states have implemented or are soon to implement new policy. Since the majority of states are at least considering laws to govern data privacy, it seems logical to assume that each year, additional states will be added to our list above. 

 

Have any pertinent updates sent to more than one person—typically your Security Officer or equivalent as well as another responsible party. This ensures that you don’t miss an important change.

 

3. Review Your Data Security Standards

Companies constantly update their technology. This doesn’t always mean a big enterprise transition; sometimes you may simply add a new server or a new computer to the mix. 

 

Seemingly insignificant changes to your IT environment can cause you to fall out of compliance. If a new employee’s mobile device is added, but not properly protected, that could be a problem. Even one new cloud tool that an employee decides to use can cause a compliance issue. 

 

For these reasons, it’s important to do at least one annual review of your data security. Compare what you find against your data privacy compliance requirements to make sure you’re still in the clear.

 

4. Audit Your Security Policies and Procedures

In addition to an annual review of your security standards and hardware changes, you should audit your internal policies and procedures. These written documents not only tell employees what’s expected from them, they should also give direction when it comes to data privacy and how to handle a breach. 

 

Audit your security policies annually. Additionally, audit them whenever there is a data privacy regulation update. You want to ensure that you’re covering any new changes to your requirements. 

 

5. Update Your Safeguards as Needed 

When you receive a notification that a data privacy update is coming down the line, plan ahead. It’s best to comply before the rule kicks in, if possible. 

 

When you learn of impending changes, start by reviewing these three areas of your IT security: 

  • Technical safeguards – Systems, devices, and software 
  • Administrative safeguards – Policies, manuals, and training 
  • Physical safeguards – Doors, keypads, and building security 


6. Keep Employees Up-to-Date on Privacy Compliance and Policies 

Employees should be aware of any changes to data privacy policies that impact them. When you receive news about an update, add this to your ongoing training. Good cybersecurity practice requires employers to conduct ongoing cybersecurity training for staff. This keeps anti-breach skills sharp and reminds them of what is expected. 

 

Include updates about what employees need to know to be properly prepared. Remember to always log the date, the employees educated, and the topic of your training activities. That way, you have documentation if you do suffer a breach at some point. 

 

7. Outsource Your Compliance Needs to a Managed Service Provider (Optional)

Qualified MSPs can lend you a hand if you find yourself working in a regulated industry or state, or if you do not feel comfortable trying to stay on top of compliance requirements with your current internal resources. Not all MSPs will provide compliance assistance, so you may need to do a bit of research before landing on one with the experience and capability to keep you ahead of the curve. 
