New model law for personal data security: How it’ll impact Finance

A model law that’s in the works will affect how you handle employees’ personal data that you and your Finance team work with every day. 

The Uniform Personal Data Protection Act, drafted by the Uniform Law Commission, is specifically designed to address the safe, secure storage of personally identifiable data. Examples include names, Social Security numbers and biometric info.

Here’s a preview of how this proposed law would impact employers.

Protecting personal data

As it currently stands, the act would create uniform guidance for all states about protecting employees’ personal data. Businesses that maintain personal data about more than 50,000 people, households or devices would be subject to the law. Third-party vendors that process this data for employers would also be covered under the law.

The law would apply not just to info about employees, but data collected from any clients, customers or potential customers.

Businesses that maintain this data must obtain consent from individuals before collecting and storing their personal data. They’d also have to let people know about the specific data they collect, along with how they store and process it.

In addition, employers would have to make corrections or changes to personal data on file at the individual’s request.

To ensure secure data storage under the law, businesses would have to perform regular data privacy and risk assessments. These assessments must detail their security methods and planned response to data breaches.

If any breaches do occur, or employers use data in a way not allowed under the law, employers must offer a solution to any affected individuals.

Future outlook

Any violations of this law could lead to expensive penalties for employers. To avoid scrutiny, you’d need to fit tighter data protections and safeguards into your IT budget. This may include security features like data encryption on office computers and servers.

You’ll also need to know how your vendors keep employees’ personal data safe. Reason: You could be liable for their breaches as well.

Because the proposed law is so broad, the U.S. Chamber of Commerce has proposed some changes that would ease the burden on businesses. They include narrowing the eligibility guidelines to reduce the negative impact on smaller businesses and updating the definition of “personal data” to include more specific examples of the info employers will need to protect.

Other proposed changes include language to specify the types of biometric and genetic data considered sensitive and certain exceptions for routine data usage to fight fraud and improve services. We’ll keep you posted.