
‘Ghosts of legislations past’: Policy predictions for 2021


If 2020 brought deadlines tied to various privacy and data protection policies, then 2021 means compliance – with less leniency for companies that fall short of regulations. And with a new administration, all eyes are on potential shifts or enhancements to legislation and standards.

As part of our year in review, which looked at critical events during the last year and how they might influence 2021, SC Media collected predictions across a range of categories from cybersecurity experts. Here, experts offer their perspectives on the 2021 policies that will influence how companies manage data and systems.

We’ll see more scrutiny from data protection authorities and more fines in 2021, say Jung-Kyu McCann, general counsel, and Elizabeth Schweyen, senior manager of global privacy and compliance, at Druva:

"As a general trend, data protection authorities have used their investigative and enforcement powers to issue an increasing number of fines in 2020 and this will continue through 2021. The enactment of new privacy regulations, like California Consumer Privacy Act, will only further fuel this. Data protection authorities are relying on companies to implement robust security protocols and educate their employees to protect consumer and personal data. Companies that fail to do so are vulnerable targets."

Service providers will need to democratize data control and provide superb digital experiences to survive in 2021, says Eve Maler, chief technology officer at ForgeRock: 

“With a new era of privacy regulations likely dawning, galvanized by the success of California’s Proposition 24, which regulates consumer privacy, organizations must improve their ability to earn consumers’ confidence and trust by putting comprehensive identity and access management systems in place.”

Privacy lawsuits will slowly change behaviors but not all business models will survive, says Doug Dooley, chief operating officer at Data Theorem:

“Some companies whose entire business model is to give away free services in order to harvest users’ behaviors to sell personal data will be called into question if they fail to disclose. Further, with new laws like CCPA, many companies will have to adjust their approach to harvesting personal data and some smaller apps may not survive in their current state.”

Companies will be forced to acknowledge that data is actually a liability, says Adam Caudill, a principal security engineer at 1Password:

“The more data a company has, the greater the risk of costly breaches and fines, so there is a strategic benefit to holding only the data that’s absolutely needed to operate successfully. While companies that are built around collecting vast amounts of data are unlikely to make significant changes, 2021 will be a year when others need to revisit how much data they actually need.”

The antitrust, anti-tech reckoning has arrived, says David “moose” Wolpoff, CTO and co-founder at Randori:

“With antitrust sentiment slowly taking over Washington, it’s becoming more apparent that technology and social platforms are unregulated domains that have been damaging to truth, and the functioning of democratic processes. In 2021, I expect antitrust hearings to come about as a matter of national security, and the force of the government extended against social platforms and tech monopolies in the next year or so.”

We will see the rise of stronger and more enforceable data privacy regulations, says Robert Prigge, CEO of Jumio:

“States are likely to follow California in initiating legislation to expand consumers’ rights to prevent companies from being able to collect and share personal data without prior consent or knowledge. We’ll likely see the Improving Digital Identity Act passed, which will create a task force to protect individual privacy, direct the National Institute of Standards and Technology to create new standards for government agencies’ digital identity verification services and establish a grant program to help other states implement more secure digital identity verification.”

There will be more cross-industry collaboration to combat vulnerabilities, says Alyssa Miller, cybersecurity advocate at Snyk:

"While the scale and volume of vulnerabilities will likely stay the same next year, there will be a bigger surge in cross-industry collaboration to tackle threats. Independent researchers, academia and commercial industries will unite more aggressively to make the digital world more secure. Armed with open source communities, research divisions and software they will work together to identify and fix more vulnerabilities than ever before."

Ghosts of legislations past will return, says Jonathan Meyers, principal infrastructure engineer and head of IT at Cybrary:

“The results of the 2020 presidential election will bring about significant changes to cybersecurity policy in 2021. With a new FCC commissioner, net neutrality is likely to make a comeback in the news, and backdoor encryption is another hot topic a new administration will have to deal with.”
