Mary J. Hildebrand is featured in an article on TVNewsCheck spotlighting her presentation at the conference Media Outlook 2020, which expanded upon an article written by Hildebrand and Carly S. Penner for the Media Financial Management Association’s magazine, The Financial Manager. Hildebrand explains how the United States differs from Europe and certain other countries in that it does not have a set of federal laws addressing privacy and cybersecurity generally and that federal laws here are industry-specific. Although the Federal Trade Commission is the de facto regulator of many online activities, including privacy and security standards, companies must now consider 50 different state data breach laws, plus Guam, Puerto Rico, and the Virgin Islands. California and Nevada have also adopted comprehensive data protection laws, and more states are considering similar legislation. Hildebrand recommends that businesses focus on five issues in the coming year:

  1. New state laws, like California’s CCPA and Nevada’s new data protection law;
  2. Creating a formal written incident response plan in case of a data breach, including appropriate training and cyber insurance;
  3. Updating privacy policies to be clear, concise, and transparent about personal information collected, the purpose of collection, and how it is used and shared; the use of cookies and third-party analytics providers; and include statements required by state data protection laws such as California and Nevada;
  4. Understanding sales and marketing departments’ collection, use, and sharing/sale of personal information; and
  5. Developing an inventory of personal information collected, used, and shared across the organization.