Organizations collect, process, and store a wide range of data on individuals—including data that is personal, sensitive, related to healthcare and education, and financial. In addition to data collected with the knowledge of individuals, the widespread adoption of new digital channels for people to meet, share, and shop has dramatically increased the scope for organizations to capture data surreptitiously.

Current and emerging regulations set a baseline expectation that organizations will, firstly, protect all such data appropriately, and secondly, extend a set of rights to the individuals whose data has been collected, processed, and stored. The implications of elevated privacy requirements are reverberating inside organizations across many industries.

This white paper reports on how organizations in the United States and Canada are meeting the requirements of current and emerging privacy regulations including HIPAA, GLBA FERPA, GDPR, and several other state and international privacy regulations.