Privacy in 2019: How Good Information Governance Can Help Manage Breaches, GDPR, and New U.S. State Laws

Information governance and privacy expert Jim Polka offers predictions and recommendations for privacy in 2019:

  1. Breaches: There will continue to be breaches in 2019.
  2. GDPR Fines: Watch for more fines, like we saw with Google in January.
  3. State-level Laws: Individual states will continue to pass privacy laws.
  4. Dealing With a Shifting Privacy Landscape: Implement strong information governance.



There will be more big data breaches in 2019.

It’s not a matter of if your organization will be breached, but when that will occur. More organizations will suffer from highly visible data breaches like we saw in 2017 and 2018 with Marriott, Facebook, and Equifax. Vulnerable industries could include:

  • Telecom
  • Media
  • FinTech

GDPR focus shifts from implementation to big fines and more data subject access requests.

We’ll likely see the European Union, or individual European countries, implement major fines under GDPR, as France did with Google in January 2019. The only unknown is whether or not the breach occurred before GDPR implementation in May 2018, as was the case with Marriott. Will these companies be fined under GDPR rules?

There will also be more data subject access requests, which will result in increased costs as organizations strive to comply.

More individual states will pass privacy laws in 2019. There won’t be a U.S. version of GDPR.

Privacy laws will continue to be developed on a state-by-state basis. We saw efforts in 2018 in California, Colorado, Massachusetts, and New York. We wouldn’t be surprised to see similar initiatives in 2019 in Washington, Oregon, and Illinois.

We’re unlikely to see successful federal legislation to enact a law that covers all of the United States, as GDPR does in the E.U.

The best way to deal with the shifting privacy landscape is to implement good information governance practices.

  • Know what type of data you have and it is being stored.
  • Create and follow the right retention schedule.
  • Assign the right data management resources and align your policies throughout your organization.

Ultimately good information governance makes good business sense.

Rich Medina
Jim Polka
I’m a Principal Consultant. My expertise is in security-based information management and strategic deployment of ECM technologies.