F ID I N E WS DATA PRIVACY REGULATIONS WHAT THEY MEAN FOR MOVERS With digital data becoming increasingly more important to the moving process, FIDI has compiled a report into the fast development of data-privacy regulations around the world. In this summary, FIDI Focus looks at some of the key points of this document A MARIE-PASCALE FRIX, FIDI BUSINESS INTELLIGENCE MANAGER As a mover, you are responsible for telling your customers about any potential data-privacy risks and providing guidance to them s more aspects of the moving process become digital, more data on transferees and their families is being collected, collated and sent around the world, making topics such as personal data collection and data protection increasingly important. New information technology is making personal data easier to share and access than ever before. With this in mind, keeping users personal information - often called personally identifiable information (PII) - safe is essential; if it is not, it can put them, or the company in which they work, at risk. Theft or other fraudulent acquisition of personal data can lead to dire consequences, while the collection, use and sharing of data without consent is also a concern. For more information about PII, see boxed article, What is meant by personal data or PII? Illegal use of PII has become a growing problem with serious implications, and governments around the world are developing strict regulations to control and protect private data. As of January 2021, around 130 countries had launched data-privacy laws representing two-thirds of the worlds jurisdictions. While this is a positive step, most countries having their own data-privacy rules makes developing a global approach a challenge. HOW DOES PII IMPACT ON THE MOVING INDUSTRY? There are inherent risks to 68 FF304 Dec_Jan 22 pp68-69 FIDI News.indd 68 removals companies when using their transferees private data. Accordingly, they should be aware of their data privacy protection responsibilities (see FIDI Focus 289, Feb/March 2019 - portfolio. cpl.co.uk/FIDI-Focus/289/32). While private data is often required on shipping documents, movers should always ask if this is absolutely necessary - and remove private information when it is not legally required. As a moving company, you are responsible for telling your customers about any potential data-privacy risks and providing guidance to them whenever possible. By doing this, you mitigate the risk of not being compliant from a dataprotection perspective. Transferees private data may be sold or shared by third parties depending on the jurisdictions, exposing them to identity theft, fraud and unwanted solicitations. A US CASE STUDY US Customs and Border Protection (CBP) is legally allowed to sell vessel manifest data, including PII of transferees such as social security and passport numbers, home addresses and other personal data to data brokers. While it is not the intent of the CBP to release sensitive data of individuals, the manifests currently provided to data brokers often include the PII of transferees and military personnel shipping household goods into the country. The data brokers post the manifest information online to provide shipment analysis and trends, which exposes the PII of transferees. Over the past four years, a coalition of national military and moving associations including AMSA, ERC and IAM has been urging the US Senate to protect the PII of transferees by passing the Moving Americans Privacy Protection Act into law, to prohibit CBP from releasing the PII of movers clients to global data brokers. On 8 June 2021, the US Senate passed the US Competition and Innovation Act (USICA), which includes a key provision directing the US Secretary of the Treasury to ensure that any personally identifiable information is removed from a vessel, aircraft or vehicle manifest before it is provided for public disclosure. This example shows how moving businesses need to be well informed about data privacy regulations and related consequences for their companies in case of non-compliance. THE GENERAL DATA PROTECTION REGULATION (GDPR) The European Unions GDPR regulation developed out of bold data-protection reforms. It came into effect on 25 May 2018, and is currently the toughest privacy and security law in the world. The strict rules impose obligations on organisations anywhere in the world - so long as they target or collect data relates to people in the EU. The EU is levying harsh fines against those WW W. F I D I FOC U S . OR G 07/12/2021 10:13