Legal Professionals Expected a Federal Privacy Law in 2020. They're Likely Wrong
A new survey from Consilio found that a majority of legal professionals believed a national privacy law was "somewhat" or "very" likely in 2020. But even without the threat of COVID-19, that's likely overly optimistic.
April 14, 2020 at 11:30 AM
4 minute read
Forget soap operas: The U.S. and privacy are shaping up to be the ultimate will-they-or-won't-they story. A new survey from e-discovery and managed review provider Consilio showed that a large number of legal professionals were holding out hope that a federal privacy regulation could be passed in 2020. However, the reality could be that even without the threat of COVID-19, there are still too many obstacles that would prevent such legislation from passing before the end of the year.
The survey is comprised of 120 respondents, including legal professionals working inside law firms, corporations and government-affiliated entities. Consilio collected the responses in early February during the Legalweek New York conference, prior to the COVID-19 related business shutdowns and social distancing measures that were implemented across the country the following month.
At the time, it would seem that attitudes regarding the prospect of a federal privacy regulation were at least mildly optimistic, with 70% of respondents indicating that it was either "somewhat likely" or "very likely" that such a regulation would be passed in 2020. Matthew Miller, vice president of global information governance advisory services at Consilio, attributed this to the attention gained by various state privacy laws such as the California Consumer Privacy Act (CCPA).
Of course, respondents may have also been caught up in some wishful thinking. "I think the feeling of the community is this would be so much better. It would be easier for organizations to comply if there were some universal standard for data privacy. I think it was more of an aspirational hope," Miller said.
Miller added that he believes the COVID-19 outbreak will likely delay a national privacy law beyond 2020.
Christopher Ballod, a partner at Lewis Brisbois Bisgaard & Smith, agreed that it would be unlikely to see federal regulations on the subject while so many attorneys general already have their hands full addressing the various ramifications imposed by the pandemic.
However, he's also not confident that a federal privacy law would have been any more likely absent the virus. Compliance can be an expensive process, and politicians may be reluctant to come across as "tough on business" during an election year. Plus, Ballod indicated that many of his clients are not building their privacy compliance programs under the assumption that a national standard is imminent.
"Nobody is expecting it … None of my clients are saying, 'Well, can we wait for the federal standard?' The idea is even written off. At this point it's, 'What do we do to deal with the patchwork of 50 states that are going to be passing these [privacy laws]?'" Ballod said.
To be sure, the emerging patchwork of state privacy laws was identified by the majority (56%) of respondents as their top concern regarding information governance regulations, followed by international federal privacy regulations (51%), the Federal Rules of Civil Procedure (34%) and potential forthcoming federal privacy regulations (30%). But achieving simultaneous compliance with a multitude of state privacy laws may not be as arduous as it sounds.
"In most senses, they are overlapping duties or obligations placed upon a corporation by the different states," Miller said.
Ballod at Lewis Brisbois often advises clients to aim for compliance with the very rigorous CCPA, since that will ultimately tick many of the same boxes laid out by other states. "If you have a CCPA-compliant program, there's not a lot more you have to do. But it does mean you have to have a privacy infrastructure. If a company isn't willing to do that, it doesn't really matter," Ballod said.
And there does seem to be some concern among survey respondents that their organization's information governance posture isn't quite where it needs to be. Only 48% indicated that they were "very confident" in their company's standing compliance policies, procedures and technologies.
Per Ballod, because the reputational harm associated with befalling a data breach or cyber incident is diminishing as the public becomes increasingly used seeing those events make headlines, companies outside the purview of the CCPA or other formidable privacy regulations may not have much incentive to prioritize information governance. However, Miller at Consilio thinks COVID-19 may be forcing companies to reemphasize data privacy as they adapt to a more virtual workforce and the threat of hackers deploying pandemic-themed phishing attacks.
"That means each corporation is still fighting, if not harder than they had to before, to protect the consumer's personal information that they maintain," Miller said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllLaw Firms Mentioned
Trending Stories
- 1Decision of the Day: Judge Reduces $287M Jury Verdict Against Harley-Davidson in Wrongful Death Suit
- 2Kirkland to Covington: 2024's International Chart Toppers and Award Winners
- 3Decision of the Day: Judge Denies Summary Judgment Motions in Suit by Runner Injured in Brooklyn Bridge Park
- 4KISS, Profit Motive and Foreign Currency Contracts
- 512 Days of … Web Analytics
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250