Once the world's data moved from paper to digital, regulators were not far behind in issuing rules to protect it. Over the decades, data privacy rules and regulations addressing cyber threats have snowballed, and most organizations now have one or more data privacy regimes with which they must remain compliant.

The U.S. healthcare industry and its business associates (service partners that handle patient data) must comply with HIPAA. Businesses that store, process, or transmit payment card data work under the mandates of PCI-DSS, an industry standard enforced by contract with the card brands and acquiring banks rather than by statute. GDPR is a wide-reaching data protection regulation that applies to anyone offering goods or services to people in the European Union (EU), regardless of where the business sits: a U.S.-based online seller with customers in the EU must comply with GDPR.

But these industry-specific and international data privacy regulations are just the tip of the iceberg. Many state, county, and municipal jurisdictions also have their own data privacy laws. Organizations must know which of these compliance requirements apply to them, and they also need to track updates to those rules.

We at IT Support LA are well-acquainted with the various compliance regimes our clientele must adhere to, and with updates as they occur. The penalties for running afoul of compliance regulations can be severe and extremely damaging to an organization, so double-checking with your IT services provider is recommended.

Analyst firm Gartner has predicted that by the end of 2024, about 75% of the world's population will have its personal data covered by one or more modern privacy regulations.

Authorities continuously enact new data privacy regulations. In 2023 alone, Colorado, Utah, Connecticut, and Virginia began enforcing new consumer data privacy statutes.

Businesses need to stay on top of these requirements to avoid stiff penalties following a data breach. If it is found that proper cybersecurity was lacking, fines are typically even higher. Providertech lists the 10 highest HIPAA penalties.

HIPAA (the Health Insurance Portability and Accountability Act) uses a sliding scale. Violators can be fined from roughly $100 to $50,000 per violation (with annual caps per type of violation), and the penalty tier rises with the degree of negligence, from "did not know" up to "willful neglect" that is not corrected. Anthem set the current record: its 2015 breach of nearly 79 million records ended in a $16 million settlement with the HHS Office for Civil Rights in 2018.

Sounds a little scary, doesn’t it?

We have provided some handy tips below. These can help you keep up with data privacy updates coming your way.

Steps for Staying On Top of Data Privacy Compliance

  1. Identify the Regulations You Need to Follow

Most organizations have at least one set of data privacy rules they must adhere to, and some have several. There could be regulations based on:

Your industry (e.g., healthcare under HIPAA, or payment card handling under PCI-DSS)

Where you sell (e.g., if you sell to the EU)

State

City or county

Federal (e.g., for government contractors)

It is important to identify all the various data privacy regulations that you may be subject to. This helps ensure you’re not caught off guard by one you didn’t know about.

  2. Stay On Top of Data Privacy Regulation Updates

As the old saying goes, “Ignorance of the law is no excuse.” Don’t get blindsided by data privacy rule changes. You can stay on top of any changes by signing up for updates on the appropriate website. Look for the official website for the compliance authority.

If you are in the healthcare field, sign up for HIPAA updates from the HHS Office for Civil Rights, the authority that administers and enforces HIPAA (hhs.gov/hipaa). You should do this for each of the regulations your business falls under.

Make sure more than one person receives these updates so nothing falls through the cracks: typically your Security Officer, your IT services provider, and another responsible party. This ensures an update isn't missed because someone is on vacation.

  3. Perform an Annual Review of Your Data Security Standards

Technology is always evolving in companies both big and small. This doesn't always mean a massive enterprise transition; sometimes it is simply adding a new server or a new computer to the mix.

Any change to your IT environment can mean falling out of compliance. A new employee mobile device added without proper protection is a problem. One new cloud tool that an employee decides to use on their own can also create a compliance issue, because regulated data may now live somewhere your controls don't cover.

It’s important to do a review of your data security - at least on an annual basis. Match that with your compliance requirements to make sure you’re still good.

  4. Audit Your Security Policies and Procedures

Something else you should audit at least annually is your policies and procedures. These written documents tell employees what’s expected from them in every area from dress-code to computer/internet usage. They also provide direction when it comes to data privacy and how to handle a breach.

Audit your security policies annually, or whenever there is a data privacy regulation update. You want to ensure that you’re encompassing any new changes to your requirements.

  5. Update Your Technical, Physical & Administrative Safeguards As Needed

When you receive a notification that a data privacy update is coming, plan ahead. It’s best to comply before the rule kicks in, if possible.

Look at three areas of your IT security (these are the same three safeguard categories the HIPAA Security Rule uses):

Technical safeguards – Systems, devices, software, etc.

Administrative safeguards – Policies, manuals, training, etc.

Physical safeguards – Doors, keypads, building security, etc.

  6. Keep Employees Trained on Compliance and Data Privacy Policies

Keep employees aware of any changes to data privacy policies that impact them. When you receive news about an upcoming update, add it to your ongoing training.

It is good cybersecurity practice to conduct ongoing Security Awareness Training for staff. This keeps their ability to spot phishing and other social-engineering attempts sharp and reminds them of what's expected. Prepare them properly by including the regulatory updates they need to know about.

Always log your training activities: the date, the employees trained, the topic, and the material used. This documentation is what you will need to show a regulator or auditor if you do suffer a breach at some point.

Frequently Asked Questions

Q: How many data laws are there?

A:  According to ICLG (International Comparative Legal Guides), a leading platform for legal reference, news, and analysis: “There is no single principal data protection legislation in the United States (U.S.). Rather, a jumble of hundreds of laws enacted on both the federal and state levels serve to protect the personal data of U.S. residents.”

Q: What are the three rules of HIPAA?

A: The three HIPAA rules that govern how protected health information is handled are:

  1. The Privacy Rule
  2. The Security Rule
  3. The Breach Notification Rule

The website emPower eLearning breaks down each rule in detail.

Q: What three elements should a data security policy include?

A: The 'three pillar' or 'CIA' approach consists of:

Confidentiality: Using access controls and encryption to ensure that only authorized parties can view data.
Integrity: Data must not be modified or tampered with except by authorized parties, and any unauthorized change must be detectable.
Availability: Data must be readily accessible to authorized parties when they need it.

Q: Who dictates security policy?

A: Generally, security policy is set by a collective within an organization: senior management, a policy board, and/or a dedicated security committee. The policy must satisfy, and enable the organization to meet, all applicable regulatory requirements.

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defense is strong cybersecurity to protect your data from theft, and a top-notch Managed Services Provider (MSP) to ensure continued reliability and defenses against newly emerging threats.

With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

Need Help Ensuring Your Systems Meet Compliance Needs?

Data privacy compliance can be complex. But you don’t have to figure it all out yourself. Our team is well-versed in compliance needs. Give us a call today to schedule a chat.

IT Support LA is an award-winning Managed Services Provider (MSP):
o  3 Years awarded Best IT by the Small Business Expo
o  Awarded 2nd best company of any type in the US by the Small Business Expo SB100
o  Awarded Best IT in California by Channel Futures
o  Winner of Best IT Support in Los Angeles by Channel Futures
o  Listed as one of the world's Top 501 MSPs by CRN and in the top 250 in the 'Pioneer' listing
o  4 years listed as one of the Top 501 MSPs in the World by Channel Futures
o  Globee 2021 Bronze Award winner for Chief Technology Officer of the Year
o  Globee 2022 Gold Award winner for Chief Technology Officer of the Year
o  Named one of 2022’s 50 ‘Best’ businesses in California by UpCity
o  Named Best of IT winner by UpCity
o  Winner of Local Excellence Award for 2021, 2022 and 2023 by UpCity
o  Named Best of Cloud Consulting winner by UpCity
o  Certified as Top MSP and Cybersecurity Pro by UpCity
o  Named Best IT in Los Angeles by Expertise.com

For more information, or to receive your FREE no-risk network and Cybersecurity assessment, just fill out the form on this page or call us at: