As Privacy Laws Proliferate, All-Inclusive Compliance Tools Are Small Targets
Consumers grappling with privacy laws want their compliance solutions to conform to every new regulation hitting the books, but for developers that may require forging a closer working relationship with attorneys.
November 25, 2019 at 09:30 AM
4 minute read
Developers of privacy compliance tools may not be getting much rest any time soon. The number of international privacy laws on the table is set to grow by one in January with the launch of the California Consumer Privacy Act (CCPA), and states like Washington and New York could soon follow.
For developers, the multitude of potential privacy laws is akin to something of a catch-22: Companies on a budget may be reluctant to spend money on individualized compliance tools targeting the specific nuances of each state law, but formulating a successful "all-in-one" solution requires successfully threading many small needles.
"The one-size-fits-all program, it really cannot work in that you need a specific solution and a different solution depending on what laws you want to comply with," said Kimball Parker, president of Wilson Sonsini Goodrich & Rosati's tech subsidiary SixFifty.
Parker and SixFifty will be taking a toolbox approach to the problem, where for a flat fee costumers can gain access to all of the company's various privacy solutions as needed.
So far, SixFifty's compliance products have focused primarily on the CCPA, but the lab is in the process of building out modules geared specifically towards the European Union's General Data Protection Regulation (GDPR).
Parker compared the commonalities between the GDPR and the CCPA to a Venn diagram where there is some overlap, but with wide circles full of differences on either side. For example, the GDPR requires entities that make any kind of a change to the way they handle data to undergo an analysis as to what the impact to people's data will be. The CCPA does not.
"So if you just took your CCPA tools and applied them to the GDPR, that would be a glaring gap," Parker said.
However, that doesn't necessarily mean developers have to start completely from scratch when devising new compliance solutions to meet emerging laws. Parsons Behle Lab, the tech subsidiary of Parsons Behle & Latimer, offers both a GDPR compliance tool and a CCPA compliance tool.
Tomu Johnson, the lab's co-founder and CEO, compared the development process to an umbrella, with the GDPR providing a fairly robust cover under which layers devoted to the particulars of any subsequent privacy laws that emerge can be built.
"In that sense, you now have a product that addresses and is flexible with all of the different privacy laws that could come out, and can adapt to the different guidance that you are going to get from the attorneys general from all the different states as well," Johnson said.
He indicated clients are already keen to make their compliance solutions a one-time expense. Still, tech companies seeking to create tools that can navigate the peculiarities of each law may have to make one fundamental change to their development process: Getting more lawyers involved.
Johnson said tech companies have traditionally been shy about delivering services that may verge on legal advice due to bar association rules prohibiting such activity from non-lawyers. However, he pointed to states such as Utah that are beginning to relax such rules in the hopes of making legal services or guidance more readily accessible to consumers.
The competition that this would present to law firm tech subsidiaries may not be such a bad thing.
"At the end of the day we need it. I think that we've had more than enough time to try and provide legal services to the community in a technologically evolved way, and I don't know if we've delivered on the promise of that," Johnson said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllLaw Firms Mentioned
Trending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250