Data Privacy Day 2020—What Actions Businesses Can Take
Jan. 28 was Data Privacy Day. This is a day to raise awareness, foster dialogue and empower companies to act to ensure proper privacy (and security) of all types of data and information.
February 07, 2020 at 11:55 AM
5 minute read
Jan. 28 was Data Privacy Day. This is a day to raise awareness, foster dialogue and empower companies to act to ensure proper privacy (and security) of all types of data and information.
Data privacy, as a concept, deals with how information is used, as well as whether an organization has the legal right or proper permissions to use the information it obtains. Data security is an extension of privacy, and it relates to the protection of data, once collected, from unauthorized access or disclosure.
Data is everywhere, and it is valuable. Governments, businesses and individuals maintain, retain and share vast quantities of data. When individuals provide information about themselves, the recipients of that information have a responsibility to protect it—either entirely or to a specified degree. Unfortunately, not all businesses fully appreciate this responsibility. Further, many companies are oblivious, often unwittingly, to the extent of information they are collecting.
For example, when a consumer downloads a company's app on their smartphone or device and agrees to the privacy policy and terms-of-service agreement that goes along with the download, that app is gathering information, such as geolocations, browser data, stored contacts, microphone audio, photographs, etc., from the consumer's device. Much of this information may be unwanted or unnecessary for the company's purposes; however, it's still being collected by the company via the app, oftentimes without the company even realizing that the app is collecting the data. This is because app developers program apps to take on all sorts of information, simply because it's possible, even though they have not asked or been informed about what information a company actually wants or needs to track.
Unfortunately, there remains no comprehensive federal-level data protection authority or privacy legislation that regulates the overall collection and use of personal data in the United States. Instead, while various sector-specific data protections exist on a federal level, the majority of data privacy and security regulations exist at the state level. And state-level requirements are multiplying rapidly. Following the California Consumer Privacy Act (CCPA), which went into effect on Jan. 1, multiple states have enacted or proposed similar bills to protect consumers through comprehensive privacy and security legislation. With this piecemeal onslaught of new laws coming into effect so quickly, too many businesses fail to realize that, while they may not have any specific operations in California (or in the other states that have enacted similar legislation), the laws still apply to and impact them.
Companies bear the brunt of navigating this system of highly complex variations of laws related to data privacy and security. Doing so comes with a hefty price tag as well as a heavy administrative burden.
But, don't be dismayed: there are things you can do to ensure that your company is on the right track with respect to protecting its data!
Actionable steps for businesses include:
- Review your company's privacy policies and terms-of-service agreements. Make sure they meet the legal requirements that are applicable to your company and industry. Verify that users or customers can easily understand what data is being collected and what is being done with it, and make sure that clear opt-in or opt-out processes are provided.
- Critically assess the data that your company collects and retains. If your company is collecting unnecessary or unwanted information, update the processes of collection to appropriately limit the information that is obtained and retained.
- Map the data that your company collects. You need to be able to track and manage the information that is being collected at all points in the process, including where it may end up in the future.
- Consider appointing a data officer who will be responsible for your company's legal compliance with a privacy and related issues. This person should keep up-to-date with legal developments, news and trends related to your company's and industry's specific data privacy needs, or work with competent counsel to help with this.
- Adopt a proactive mindset of responsibility when it comes to handling data. Build for the future with privacy in mind instead of having to back-track to implement policies and protections as reactionary measures.
- Require multifactor authentication—one of the best current defensive tactics to avoid a cyber incident.
- Add levels of encryption for data and devices. Enact and enforce policies that will help to avoid data breaches on a systemwide level.
- Obtain sufficient cybersecurity insurance protection. If you don't have cybersecurity insurance, get it now. If you have coverage, make sure that your coverage is sufficient for your business needs. In addition, don't forget how cybersecurity coverage might intersect with other policies and coverage, such as business interruption and crime policies.
Alisa Chestler, a shareholder in the Washington, D.C. office of Baker Donelson, concentrates her practice in privacy, security and records management issues; health care and insurance regulatory compliance; and corporate transactions matters. Contact her at [email protected].
Leslie Isaacman Yohey is of counsel in the firm's Memphis office and is a member of the firm's health care litigation group. She focuses her practice primarily on medical malpractice litigation and other types of professional liability matters. Contact her at at [email protected].
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllA Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute readThree Legal Technology Trends That Can Maximize Legal Team Efficiency and Productivity
Corporate Confidentiality Unlocked: Leveraging Common Interest Privilege for Effective Collaboration
11 minute readLaw Firms Mentioned
Trending Stories
- 1'Largest Retail Data Breach in History'? Hot Topic and Affiliated Brands Sued for Alleged Failure to Prevent Data Breach Linked to Snowflake Software
- 2Former President of New York State Bar, and the New York Bar Foundation, Dies As He Entered 70th Year as Attorney
- 3Legal Advocates in Uproar Upon Release of Footage Showing CO's Beat Black Inmate Before His Death
- 4Longtime Baker & Hostetler Partner, Former White House Counsel David Rivkin Dies at 68
- 5Court System Seeks Public Comment on E-Filing for Annual Report
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250