Data Protection Regulation Compliance in the US

As technology grows increasingly digital, there are ever-increasing concerns about how to protect consumer data and privacy. If your law firm works with a call center, chances are you should also be concerned about data and privacy. General Data Protection Regulation (GDPR) compliance in the U.S. is of the utmost importance, but how do you know that your clients’ information is safe?

At Legal Conversion Center, we go above and beyond when it comes to data protection and privacy. We understand how important it is for a legal call center to be fully compliant with state and federal regulations when gathering, storing, and using consumer information. After all, a call center for attorneys will often engage with consumers across multiple states.

Here, we discuss why GDPR and similar regulations are so important, and why organizations across the U.S. should be conscious of increasing data regulations.  

Does the GDPR Apply in the USA? 

GDPR is legislation set by the European Union (EU) with regard to businesses that interact with EU citizens. The GDPR applies to businesses regardless of their location or presence in an EU member state.

What is the GDPR? 

The GDPR is a set of regulations set forth by the EU for any business that may handle the personal information of EU citizens. The goal of GDPR is to strengthen data security and management and protect the rights of consumers. Data that is protected under GDPR includes identifiable information, such as:

  • Name
  • Address
  • Date of Birth
  • Social Security Number
  • IP Address
  • Cookie Information
  • Location Data

Why is GDPR Important to US Call Centers? 

For legal call centers, it would be difficult to identify EU citizens when speaking with consumers. That’s why it is highly recommended that legal call centers in the U.S. abide by GDPR rules, regardless of their intent to work with EU citizens directly.

US Data Privacy Laws and Differences with EU

Compared to GDPR, U.S. data privacy laws are somewhat lacking. The U.S. does not have a comprehensive data privacy law that applies to all businesses operating in the U.S. Instead, U.S. law operates using fragmented state and federal laws that govern different types of data. The laws that are most relevant to call centers include:

The Health Insurance Portability and Accountability Act (HIPAA) 

The Health Insurance Portability and Accountability Act (HIPAA) is a series of regulations outlining the use and disclosure of protected health information (PHI). The goal of HIPAA regulations is to protect consumer information and provide consumers with more control over their personal data.

HIPAA regulations apply to any organization that gathers, stores, uses, or discloses PHI in the course of its operations. This is certainly relevant to legal call centers that may speak with consumers about medical-related legal matters. Violating HIPAA regulations can result in severe penalties and monetary fines.

The Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is a federal law that repealed portions of the Glass-Steagall Act of 1933. One of the key provisions of the GLBA is the requirement for financial institutions to disclose their privacy policies to their customers and to give them the opportunity to opt out of the sharing of their personal information with third parties.

The law also established the Federal Trade Commission as the primary regulator for enforcing the privacy provisions of the GLBA. GLBA rules could apply to organizations that manage financial transactions and information. The GLBA illustrates the importance of having transparent privacy policies in place.

California Consumer Privacy Act (CCPA)

Businesses that may serve consumers living in California are also subject to the California Consumer Privacy Act (CCPA). The CCPA provides new rights for consumers, including:

  • Controlling access to personal information
  • Ability to delete personal information from entities or databases
  • Control over how information is collected and shared

CCPA Business Obligations & Cost Estimates

The CCPA also provides guidance for businesses on how to maintain compliance with the law. For call centers, compliance with the CCPA is important in order to avoid potential penalties. Some ways to ensure compliance include:

  • Software that protects consumer data
  • Training employees on how to safely gather, store, and transmit data
  • Creating a transparent privacy policy that consumers can understand
  • Providing notice to consumers when data is being collected
  • Establishing protocols for opt-out or data deletion requests
  • Maintaining records for two years to demonstrate compliance

Businesses that are subject to CCPA rules can expect initial compliance costs. Berkeley Economic Advising and Research estimates these costs to be the following:

  • $50,000 — small businesses with fewer than 20 employees
  • $100,000 — medium businesses with 20 to 100 employees
  • $450,000 — businesses with 100 to 500 employees
  • $2 million — enterprises with more than 500 employees

The cost of noncompliance could be even greater, especially considering that noncompliance with the CCPA could also stem from noncompliance with federal regulations.

Virginia’s Consumer Data Protection Act (CDPA)

The Virginia Consumer Data Protection Act (CDPA) is a data privacy law that was enacted in Virginia in 2021. The CDPA is similar in some ways to the GDPR and the CCPA, as it gives Virginia residents more control over their personal information. Under the CDPA, Virginia residents have the right to:

  • Know what personal information businesses collect about them
  • Access their personal information
  • Correct inaccurate personal information
  • Request that businesses delete their personal information

The law also requires businesses to provide clear and conspicuous notices about their data collection and sharing practices, and to obtain consent from consumers before collecting, using, or sharing their information.

The CDPA applies to businesses that either control or process the personal data of at least 100,000 Virginia residents, or that derive more than 50% of their gross revenue from the sale of personal data and process or control the personal data of at least 25,000 Virginia residents. The law also applies to businesses that handle sensitive personal information such as health information, financial information, and biometric data. This would certainly apply to call centers that work with law firms serving Virginia residents.

The Future of Consumer Data Protections 

In recent years, there has been an increase in the amount of data that consumers share. One study found that 61% of consumers share personal data when interacting with applications. Another 46% share data daily when shopping online. The increase in data sharing has brought consumer data privacy into the spotlight in many ways.

Many states have enacted privacy regulations to protect consumer data. In addition to California and Virginia, other states are considering, implementing, or enhancing current data privacy laws, with the following laws set to begin in 2023:

  • California Consumer Privacy Rights Act Proposition 24 (Effective January 1, 2023)
  • Colorado Privacy Act (Effective July 1, 2023)
  • Connecticut Personal Data Privacy and Online Monitoring (Effective July 1, 2023)
  • Utah Consumer Privacy Act (Effective December 31, 2023)
  • Virginia Consumer Data Protection Act: HB 2037, SB 1392 (Effective January 1, 2023)

Furthermore, data protection is now a consideration among lawmakers around the world. A survey from Gartner shows that 60 countries are enacting or proposing postmodern privacy and data protection laws.

Legal Conversion Center’s Dedication to Compliance 

At Legal Conversion Center, we work with law firms across the U.S. That means we must adhere to both state and federal privacy laws and regulations as applicable. Our team is committed to providing client intake for law firms that is trustworthy, ethical, and protects our partners and consumers.

At LCC, we maintain strict compliance with the TCPA, DNC registry, GDPR, HIPAA, PCI DSS, and other relevant laws. In fact, our business maintains the HIPAA Seal of Compliance. We provide all of our agents with comprehensive training on data and privacy laws, and we conduct routine audits to ensure compliance.

If your law firm is looking to partner with a legal call center, LCC has the tools and technology you need to provide high-quality service while maintaining strict compliance. Find out more about our services by contacting us for a free quote.