The Business Implications of State-Led Data Privacy Regulations in Colorado, Connecticut and Beyond

On July 1, Colorado and Connecticut joined the ranks of over 10 states with active and firm data privacy regulations. These new privacy laws aim to provide consumers greater autonomy over their personal data by requiring businesses and organizations operating in and out of state to conduct data protection assessments (Colorado) or grant consumers the ability to delete their personal data profile (Connecticut). Welcomed by consumers, state-level legislations are a critical step toward protecting consumers' privacy in the absence of a federal data privacy regulation in the U.S.

However, as the number of states enacting data privacy legislation in the U.S. continues to increase, implications for businesses grappling with these disparate legislations become more acute. The increasingly fragmented data privacy landscape has led to a rise in the cost of doing business across state lines. In today’s uncertain economy, this is something enterprises can ill afford.

Despite these concerns, businesses now have an opportunity to turn data privacy into a competitive advantage. In addition to winning consumers’ trust by protecting their sensitive data, enterprises can leverage secure data to drive innovation and growth while staying compliant. Reinstating data flows is critical for businesses as they look to drive new revenue streams, improve customer experiences and eliminate the unnecessary costs of duplicating infrastructure or utilizing third-party providers to stay compliant.

However, to successfully reinstate data flows, especially as the number and complexity of data privacy regulations continue to increase, enterprises need to find avenues to scale security and privacy. This is especially true when you consider that there are currently 3.5 million open jobs in cybersecurity, with 1.7 million in the US alone.  And, the gap is widening. Implementing automation-driven tools that can enable any level of security and non-security practitioners to deliver security and privacy will be key.

More so, in 2022, more than 60 percent of all corporate data was stored in the cloud. As an increasing number of organizations move their data to the cloud, business leaders need a data security strategy that can protect their customers’ sensitive information no matter where it lives, on-premises or in the cloud. The data needs to be protected via a uniform policy whether at rest, in motion, or in use across hybrid and multi-cloud environments. This becomes a critical consideration to manage compliance across state borders with disparate privacy laws in play.

Lastly, as AI and machine learning become increasingly essential for driving business growth, being able to use and share data across lines of business and state borders is all the more important. According to a recent PwC report, AI is expected to boost the global economy by nearly $16 trillion by 2030. Close to half of this will be a result of product advancement and stimulating consumer demand driven by increased personalization, product innovations, and improved affordability over time. While this scenario is promising, for enterprises grappling with new and existing data privacy regulations that restrict data flows, it seems like a distant dream. By effectively protecting sensitive data using techniques such as pseudonymization and desensitizing personally identifiable information, however, enterprises can make data AI/ML-friendly while keeping it secure and compliant.

Not only is this possible, it has already been achieved. According to a recent Forrester report, a large global bank gained $1.3 million in reduced cost of compliance, $2.6 million in efficiency gains for app builders, and $13.7 million in total improved revenue over a period of three years by implementing a data security solution that effectively enabled cross-border data transfers.

As business leaders from organizations with customers spanning states consider the implications of the newly implemented data privacy laws in Colorado and Connecticut, they need to find solutions that can help them preserve data flows for the future. With several more states expected to implement their own laws, it is not viable to create custom data security policies for each. Rather, by implementing a centralized policy with decentralized enforcement, business leaders can protect their customer’s sensitive data, stay compliant and propel their companies forward.