The Significance The uptick in regulatory enforcement and focus around data privacy is clear. The FTC’s case against Uber is one of two recent examples that show the agency’s willingness to go after executives. And recently the FTC issued an enforcement action against online alcohol marketplace Drizly and its CEO, James Corey Rellas. In the Drizly case, Brandon Robinson, chair of the data privacy and security practice at Balch & Bingham, noted that the company was “alerted to problems with the data security procedures because they had an earlier incident” but still “didn’t take steps to address those security problems. And they didn’t hire anybody to be in charge of data security despite sort of knowing that there were these issues.” He added, “I think that what we’re seeing is an attempt to place some individual accountability on executives when they’re really just sticking their head in the sand or trying to cover something up, not just for being negligent.” Going forward, Robinson noted companies should ensure they have clear roles dedicated to data security and privacy and a clear reporting structure in place to avoid potential liability. “I think some of the mistakes these executives made is sort of the ‘if everybody’s in charge, nobody’s in charge’ problem,” he added. Ryan Blaney, a partner in the Washington, D.C., office of Proskauer Rose and head of its global privacy and cybersecurity group said, “It’s kind of a timeline. [Data privacy] is first an IT problem. Next, it’s a problem that legal, compliance and IT own. Next, the responsibility also is included on the board and senior executives,” he said. “And then once that happens, then the regulators can say, ‘Well, now that we’ve educated everybody that we believe this is a responsibility at the board level.’” The Information Want to know more? Here's what we've discovered in the ALM Global Newsroom: Rapidly Shifting Privacy Landscape Rewriting Rules of Game for Advertising With Contrarian FTC Commissioner Gone, Critics Worry About Agency's TrajectoryOther States May Join Utah in Restricting Teens' Social Media AccessLessons From Google’s Spoliation Sanctions: Don’t Dismiss Systemic Holds—Or Chat Data Inside Track: Legal Teams Strain to Adapt to 'Blistering Pace of Regulatory Change' Legal Teams, Sticklers for Confidentiality, Must Be on Guard for AI Tools With 'Loose Lips' The Forecast What legal teams need to do to effectively address these challenges around shifting compliance and data privacy regulations is to have “data sustainability” woven into their organization’s governance framework, according to Andrew Serwin, Chair of DLA Piper’s Data Protection, Privacy and Security Practice. Data sustainability is a concept that, at its core, is meant to consider issues that go beyond legal consequences for the use of personal data. It includes the concept of data privacy, and weighs its importance, but according to Serwin, it cannot stop there. To ensure these principles stand the test of time, discussions about new and evolving risks around data collection and privacy topics need to be prioritized. Implementing these changes ensures that today’s in-house legal teams are staying one step ahead of the ever-evolving data privacy regulations. Data sustainability is an effective asset to shielding corporate counsel from past, existing and unknown threats and risk. So whether it’s the holidays, the New Year, or the heat of July, companies can trust that they are protected against any new entity that may arise. |