Individuals around the world are increasingly aware of the importance of online security and privacy, but the definition of personally identifiable information (PII) varies from region to region. PII isn't restricted to name and phone number; it also encompasses financial records. Industries in every sector require data centers to store customer data in a way that complies with the privacy and security standards defined in the local governing law of the country or state.
There isn't yet one common, central law in the US, as there is in the EU. Instead, there are several federal privacy and consumer protection laws, plus laws enacted by individual states. The California Consumer Privacy Act (CCPA), which applies to California residents, is similar to the General Data Protection Regulation (GDPR), with some variations. We will cover that in detail in the CCPA section.
Other federal laws that govern the online collection of PII include:
To set up a data center and run your business without interruptions, make sure you comply with and follow:
There are many data privacy and data security laws among different states. After the CCPA passed in 2018, multiple states started to propose similar laws to protect their residents from data breaches and theft.
Signed on June 28, 2018, the CCPA went into effect on January 1, 2020. It is a major outcome of the GDPR's far reach and of the myriad data breaches recorded in 2017. The CCPA is aimed at protecting California residents' consumer rights and ensuring stronger privacy and increased transparency. As cross-sector legislation, the CCPA is considered very comprehensive. With definitions similar to the GDPR's, it imposes key duties on individuals or organizations that collect PII from or about a California resident.
Under the CCPA, a consumer is broadly defined as "a natural person who is a California resident." This law secures new privacy rights for California consumers, including:
New York passed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act in July 2019. This law is technically an amendment to an already-existing data breach notification law in New York, and it creates a greater scope for data security by applying to “any person or business which owns or licenses computerized data which includes private information” of a resident of New York. The major difference from the CCPA is that the CCPA is a data privacy law, while the SHIELD Act is a security regulation.
California and New York were the first states to introduce broad legislation for data privacy. However, other US states have also enacted laws that are typically extensions of the existing United States federal laws, with alterations and implementations specific to the state's needs.
Nevada's SB 220, an Act relating to internet privacy, prohibits website operators and those who run online services from selling consumer information to data brokers without the consumer's permission. Unlike the CCPA, Nevada's SB 220 does not include rights of access, portability, deletion, or non-discrimination, and it does not apply to companies that collect PII offline. The response deadlines also differ: under Nevada's SB 220, organizations must respond within 60 days of a request, with an additional 30 days available; under the CCPA, organizations have 45 days to respond to requests, with an additional 90 days available.
Maine's broadband privacy law, also known as LD 946, prohibits a provider of broadband internet access service from using, disclosing, selling, or permitting access to customer personal information unless the customer expressly consents to that use, disclosure, sale, or access.
In addition to the above laws on privacy and data protection, there are also other standards for setting up and maintaining the infrastructure in a data center.
The Uptime Institute is a neutral organization that established four tiers of data center certifications for categories including design, construction, and operational sustainability.
The Telecommunications Industry Association's (TIA) ANSI/TIA-942-A is the telecommunications infrastructure standard for data centers. It is an American National Standard that specifies the minimum requirements for structured cabling work. Building on the structured cabling requirements defined in TIA/EIA-568, it describes the design, installation, and performance requirements for cabling in data centers.
The National Institute of Standards and Technology (NIST) is a non-regulatory government agency responsible for creating security standards that improve the efficiency and security of data centers. Grounded in IT security and cybersecurity practice, NIST security standards cover data center infrastructure along with the technology and the applications used in it.
NIST SP 800-53 is an important publication titled "Security and Privacy Controls for Federal Information Systems and Organizations." It defines security and privacy controls in areas such as application security, mobile and cloud computing, and real-time monitoring of systems.
There are different types of data centers, such as traditional and hybrid, and each comes with its own pros and cons. Each organization must choose the type that fits its needs and successfully incorporate all elements of privacy, safety, security, and other environmental standards. With so many controls, standards, audits, and reports, it is always recommended to adhere to and maintain compliance with all region-specific laws.