Today's General Counsel, Winter 2019


Cybersecurity

Data Privacy Landscape Changing Fast

By Debbie Reynolds


The United States has a varied data privacy landscape comprised of a series of federal, state and local laws. Federal data privacy laws have developed into a patchwork of regulations that cover specific consumer data such as financial information and social security numbers (Fair Credit Reporting Act), health information (Health Insurance Portability and Accountability Act, or HIPAA) or online protection of minor children (Children’s Online Privacy Protection Act). Some states have enacted data privacy laws that are outpacing federal legislation with respect to the variety and scope of protections being addressed. The United States does not yet have a comprehensive national law to harmonize data privacy activity occurring at the federal, state and local levels.

In contrast, the EU recently enacted the General Data Protection Regulation (GDPR), a groundbreaking consumer law that has become the standard by which other data privacy laws around the world will be measured. With the EU’s enhanced focus on consumer data privacy and protection legislation, many are wondering, will the United States adopt a consumer data privacy and protection law like the GDPR? Significant developments in such areas as data breach notification, state leadership on consumer data privacy and the recent Carpenter v. the United States Supreme Court ruling may be precursors to the passage of federal consumer data privacy legislation.

COMPLIANCE WITH GDPR A C-SUITE ISSUE

The GDPR created a huge ripple effect internationally in the consumer data privacy world when it went into full enforcement in May 2018. It mandates protection of EU citizens’ data regardless of where it is in the world. Because of the hefty fines and penalties for non-compliance, companies had been preparing since 2016, when the GDPR became law, to ensure that their business practices and technologies complied. For example, the maximum fine could be up to four percent of a company’s worldwide revenue annually. The high price tag has made compliance with this law a C-suite issue. In addition to businesses paying closer attention to the GDPR, news about the EU regulation has garnered attention from consumers, who are comparing it with data protection laws in the United States. The GDPR is unusual due to its extraterritorial reach. It governs data protection of people in the EU regardless of where their data resides. Businesses in

