These countries are initiating data privacy reforms to ensure the safety of individual's identities.

The Covid-19 pandemic raised concerns about data protection since there was a huge surge in data breaches and cybersecurity frauds. Once the digital transformation was initiated, the internet became the sole platform for data sharing. Data storage and usage also expanded to the digital platform with the onset of innovations. The demand for data security heightened considering the penetration of disruptive technologies. Many countries have been welcoming reforms to their old rusting data privacy frameworks. Let us understand how these countries are planning to handle sensitive data and protect them.

Canada

The country has come up with amendments in its data privacy law in November 2020, by proposing Consumer Privacy Protection Act (CPPA). Bill C-11, Digital Charter Implementation Act tends to replace the earlier data privacy act known as Personal Information Protection and Electronics Document Act (PIPEDA). Canada has always been active towards ensuring data privacy and its legislative acts are restricted towards private, commercial sector, and federal institutions. The power to enforce the rules in this bill is divided between the Office of the Privacy Commissioner (OPC) and a Personal Information and Data Protection Tribunal. Section 8 of this Charter promises to protect the citizens from unreasonable searches and seizures. The CPPA introduces restrictions on the collection, use, and disclosure of personal information by any private entities. The proposed bill also enforces high penalties for violating the law and even failing to report a breach. It is based on the consent of the citizens but also allows companies to pertain to certain consent validation strategies to collect data from people. Under this act, individuals can withdraw the consent, ask for data disposal, and are granted data mobility rights.

The Canadian personal data protection strategy has always been strict about individual consent and transparency.

Brazil

Brazil passed the Brazilian Internet Act in 2014, which defined the policies on the treatment of data on the internet. The Act considers consent as the primary strategy and people below 16 years of age are restricted from sharing personal data.

The country is preparing to introduce a new data protection strategy through a data protection authority ANPD (Portuguese Acronym). It has published the regulatory strategy for 2021-2023. The authority aims to strengthen data protection in the country by drafting guidance and rules, managing data breach complaints, and adhering to LGPD. Brazil's new data privacy law is said to have many similarities with the EU's GDPR.

LGPD is the General Law for the Protection of Personal Data, which came into force in August 2020 and aims to regulate the use and collection of personal data by all the companies trading in Brazil. These firms should comply with the new law policies. The law defines penalties for violation and demands technology compliance from companies. According to the law, any platform used to process personal data should be compliant. The law aims to give some fundamental rights to the people to enhance their control over their data, improve accessibility, and the right to revoke consent.

US

The United States does not have a strict policy for data privacy, unlike the other countries. It has a state-wise compliance policy that varies in rules, guidelines, and penalties. There are several sector-specific federal laws and state-wise privacy laws. Regulating business privacy laws is in the hands of the Federal Trade Commission and the California Consumer Privacy Act (CCPA) is considered the strictest data privacy protection act. CCPA gives its individuals the right to transparency of data used by companies and also gave a provision to not disclose their data if they desire.

Many states are expanding their data breach policies since the pandemic to enhance data protection and control misuse.