Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3

News & Articles

Return to October 2023 ChannelPro Digital Edition
October 23, 2023 | Pedro Pereira

Staying on Top of Privacy Regulations to Help SMBs

Even though the growing tapestry of state privacy laws creates complexity for MSPs and their customers, providers that deliver compliance services stand to profit.

AS OF AUGUST, 12 states had passed comprehensive consumer privacy laws and several others were considering similar legislation. Despite similarities, each law has different requirements, creating challenges for companies operating in multiple states. This is an opportunity for MSPs to help clients stay compliant with regulations. Unlike the Eurozone, where the General Data Privacy Regulation (GDPR) covers 27 countries, the United States lacks a uniform approach to consumer privacy rights. Instead, states such as California, Virginia, Colorado, and Connecticut have enacted their own laws.

Utah’s Consumer Privacy Act (UCPA) goes into effect in December. Next year, laws go into effect in Florida, Montana, and Iowa. Comprehensive consumer privacy laws generally apply to all types of personal data across all industries, giving consumers the right to access, correct, and delete that data.

These laws, say compliance experts, are different from the more-focused, industry-specific laws that SMBs have dealt with in the past. “These many new state laws, with many more looming on the horizon, will impact SMBs in many ways,” says Rebecca Herold, CEO of services provider Privacy & Security Brainiacs. They will require businesses to update their security and privacy policies, perform more extensive logging of personal data, and establish procedures to give individuals access to their own data.

Rebecca Herold

Rebecca Herold

Furthermore, instead of allowing users to opt out of having their data shared, businesses will have to ask them to opt in. With privacy laws in place, organizations can use personal data for their own purposes but not share it without authorization. “SMBs need to understand what laws affect them, post all required notices on their website, and implement cybersecurity tools and services to protect data,” says Mike Semel, CEO of Semel Consulting and a former MSP.

MSP Impact

Usually, anything that affects SMBs also touches MSPs by extension. When it comes to data privacy laws, providers must quickly pull any personal data they are holding about individuals upon request, says Herold.

Regulatory differences between states complicate things, requiring MSPs operating in multiple jurisdictions to meet more than one set of requirements. “I’ve had to do this for many years and it’s not easy,” says Semel.

Help is available through reports and legal analysis papers from privacy law firms, says Herold. She also recommends the Conference of State Legislatures website, which provides news and resources about privacy and security developments. Herold’s own business provides quarterly updates and advice to clients.

She says that helping clients comply with privacy regulations involves privacy management practices such as data governance, documentation of policies and procedures, risk management, and training employees who handle private data. Then there’s the technical side, which involves tools for identity verification, data inventory, and network security controls such as anti-malware, IPS/IDS, logging, data backup, and endpoint security.

Even though the growing tapestry of state privacy laws creates complexity for MSPs, providers that deliver compliance services stand to profit. “I rebranded my MSP business as a compliance specialist and was able to double or triple the profits we made from many customers,” says Semel.

Compliance is an ongoing endeavor because things change quickly, he warns. “You can be healthy today and sick tomorrow. You should be using a specialized governance, risk, and compliance (GRC) platform in addition to your RMM and PSA to help clients manage their multiple compliance requirements” Herold says as more privacy laws go into the books across the country, businesses will turn to MSPs for help. MSPs can sell them compliance services at a fraction of the price of hiring a compliance officer. To offer these packages, MSPs can partner with companies like Herold’s organization, “to ensure they are providing their clients with accurate advice and governance products.”

PEDRO PEREIRA is a New Hampshire-based freelance writer who has covered the IT channel for two decades.

Image: Adobe Firefly

Return to October 2023 ChannelPro Digital Edition

Editor’s Choice

ChannelPro DEFEND Conference Heads to NJ, Promises to Lift Cybersecurity and Profitability of MSPs

July 8, 2024 |

Register now for ChannelPro DEFEND: East in Islen, NJ, on Aug 7 and 8 for unparalleled cybersecurity learning, networking, and collaboration opportunities.

Introducing ChannelPro’s Top 20 MSPs for 2024

June 18, 2024 |

These companies lead the way in building up the IT channel, as well as ensuring that their clients run thriving businesses.

Related News & Articles

Growing the MSP

Explore ChannelPro


Reach Our Audience