Issue link: https://nebusinessmedia.uberflip.com/i/1018436
24 Hartford Business Journal • August 27, 2018 • www.HartfordBusiness.com OTHER VOICES Income tax repeal 'plan' doesn't justify hysteria By Chris Powell H ysteria and vilification quickly have become the hallmarks of Connecticut's campaign for governor, with Democrat Ned Lamont and Republican Bob Stefanowski and their surrogates hurling contempt and mock indignation at each other. Hysteria and vilification quickly have become the hall- marks of Connect- icut's campaign for governor, with Democrat Ned Lamont and Republican Bob Stefanowski and their surrogates hurling contempt and mock indigna- tion at each other. Seizing on Stefanowski's platform of phasing out the state income tax, which produces half of state government's rev- enue, the Democrats are warning that his election will destroy public education and medical services and require huge increases in sales and property taxes. The Democrats are right that Stefanowski's plan to eliminate the income tax is hollow. The plan says nothing about where and how spend- ing cuts would be arranged and seems to presume that reducing the income tax will produce so much prosperity that tax revenue will actually increase. While taxing less sometimes can produce more, there is no way that eliminating half of state government's revenue will reimburse itself. But that will become clear soon enough, and there is no need to take Stefanowski seriously on the point, and maybe his own voters in the Republican primary didn't take him seriously here either. Instead his supporters could have figured simply that the more Ste- fanowski demagogically pledged to eliminate the income tax, the more he would bind himself at least to cutting spending and taxes generally. Just freezing spending and taxes would be more than any Connecticut governor in modern times has achieved. Neither can Lamont and the Demo- crats be taken seriously on taxes. Lamont is deliberately incoherent on the issue. Having endorsed raising the sales tax and imposing tolls and having pledged to obey the government em- ployee unions, whose members consume most state and municipal tax revenue, Lamont also says taxes are too high. Further, when Lamont and the Democrats say Stefanowski would de- stroy education, medical care, and the University of Connecticut, they really mean that all state government spend- ing goes for sacred cows and there can be no economizing with them, nor even any auditing of them, though their excesses are often reported. Besides, Stefanowski hasn't pro- posed eliminating the income tax all at once but gradually, over eight years. Making big cuts in spending and taxes so gradually would be possible with enough political will. State govern- ment would just have to stand up to government employees, contractors, welfare recipients, and others on the payroll, imposing on them the cuts that for decades have been imposed on taxpayers through constant state and municipal tax increases. If it's OK always to be reducing the compensation of taxpayers in Con- necticut, why should the compensa- tion of the government and welfare classes remain sacrosanct, except that these classes constitute the base of the Democratic Party? Stefanowski's employment history and ignorance of state government and of Connecticut generally may justify hysteria, but his "plan" to eliminate the income tax doesn't. For change in spend- ing and tax policy that radical would need approval from the General Assem- bly, which probably will remain closely divided politically and far from radical. Even gradual cuts in spending and taxes will require supreme political effort. But a governor informed and courageous enough to articulate the public interest over the special inter- ests might accomplish it. Is any candi- date in this campaign so informed and courageous? Chris Powell is a columnist for the Journal Inquirer in Manchester. OTHER VOICES New EU data protection regs will hit U.S. firms By Jeffrey I. Ziplow A s the global focus on data security continues to intensify, the European Union is in the process of implementing broad-ranging data security and privacy measures that will impact any business doing work overseas, or companies handling EU resident information. This new regulation is formally known as Regulation (EU) 2016/679 of the European Parliament and the Council, but more often termed the General Data Protection Regulation (GDPR), which took effect at the end of May. The pri- mary purpose of GDPR is to define standard- ized data protec- tion laws for all EU residents for all member countries. Its objectives are as follows: • To increase privacy and extend data rights for EU residents. • To help EU residents understand personal data use. • To give regulatory authorities greater powers to take action against organizations that breach the new data protection regulations. • To address the export of personal data outside of the EU. • To require every new business process that uses EU personal data to abide by the GDPR data protection regulations and Pri- vacy by Design rule. The last two items, in particular, show that any company or organization holding EU resident information and/or doing business in or with any of the 28 EU member states need to be prepared for the new data privacy standards. The GDPR rules apply to sensitive data, which uniquely identifies a specif- ic individual. This includes categories such as email, genetic information, IP address, and biometric data — along with driver's licenses and other types of personal information. As such, under GDPR, the definition of personal data has been both broadened and simpli- fied to "any information relating to an identified or identifiable person." Even though you are a business in the United States, and not in Europe, strong penalties exist for companies doing business with EU nations that are not in compliance. Although prec- edent for non-compliance has yet to be set, it is likely coming very soon. And rather than be at risk for non-compli- ance penalties, adherence to this new set of regulations is essential. Here are some of the key attributes of GDPR that businesses and organi- zations should understand. One set of rules: A single set of data protection rules will apply to all EU member states. GDPR will apply to all companies that process person- al data of EU residents, regardless of their location. Right to be forgotten: This is also known as Right to Erasure. EU resi- dents will have the right to request that personal data relating to them is erased. This is an enormous change from previous regulations. Right to access: Data subjects can obtain confirmation from the data controller whether or not personal data concerning them has been processed, regardless of where it has been pro- cessed, or for what purpose. Mandatory notifications: Data breach notifications will become mandatory in all EU member states, if the data breach is likely to "result in risk pertaining to the rights and freedoms of individuals." GDPR iden- tifies notification without delay and where feasible within 72 hours. New consent rules: Consent rules are changing, and opt-in require- ments for obtaining personal data are much stricter. Privacy by design: GDPR calls for the inclusion of data protection from the onset of the designing of systems, in- stead of just being added at a later date. Data protection impact assess- ments: Data controllers and data processors will be required to conduct data protection risk impact assessments for projects that have high privacy risks. Notifications no longer manda- tory: Under GDPR, it will no longer be necessary for data controllers to submit notifications/registrations of data processing activities to local data protection officers. Jeffrey I. Ziplow is a partner with West Hartford-based accounting firm BlumShapiro. Opinion & Commentary Chris Powell Jeffrey I. Ziplow