Insight

Privacy Practice

Data protection is all the rage among tech companies and state, national (and even transnational) governments alike. Is it a passing fad or here to stay? And how should businesses and groups of all sizes handle compliance with a blizzard of new laws?

Data Protection Prompt New Privacy Laws
CW

Casey Waughn

June 8, 2022 09:05 AM

PERHAPS NO AREA of law is evolving more quickly—or is closer to top of mind for in-house attorneys, organizations and private practitioners—than data privacy, data protection and cybersecurity. Chief privacy officer was a role seldom seen in the C-suite even 15 years ago, but it’s now common at most companies. In the last half-decade or so alone, new data protection regimes have been introduced in the European Union and United Kingdom as well as in California. These necessitate significant operational and compliance changes for many organizations regardless of the sector within which they operate.

Over the next 12 months, at least four states—Virginia, Colorado, Utah and California again—will see new or greatly expanded consumer privacy legislation take effect. This means that many groups are addressing—some for the first time—how to respond to this fast-evolving area of the law.

Women, whether in-house counsel or in private practice, are in a unique position to lead this response. The International Association of Privacy Professionals (IAPP) estimates that equal numbers of women and men make up the privacy field, a rarity in both technology and the law. Below are four common myths about data privacy, and four steps all organizations can take to prepare to address imminent legal changes.

Myth 1: There will soon be a federal law covering consumer privacy, so my organization or client shouldn’t expend energy implementing a response to current regimes.

Many privacy experts speculate—perhaps even hope—that Congress will soon pass federal consumer data protection legislation. Others posit that rather than preempting state legislation, a federal law may instead simply set a floor for consumer privacy rather than a ceiling, leaving room for states to continue to legislate and impose restrictions above the federal baseline. Furthermore, sector-specific laws regarding health, finance and education data will likely continue to exist. Accordingly, while practitioners and organizations can hope that for simplicity’s sake federal legislation will soon pass, they should remain skeptical that Congress will fully solve the current patchwork.

Myth 2: My organization or client already implemented a program in response to Europe’s General Data Protection Regulation (GDPR), so as new state laws roll out, we’ll be covered.

Organizations that implemented privacy programs in response to GDPR, the EU’s 2016 directive, are certainly in a good position to handle the various state laws, as most such legislation resembles or mirrors aspects of GDPR. But having a GDPR-compliant program doesn’t mean you’re automatically compliant with any given state legislation, each of which has various distinguishing nuances. Organizations must evaluate their existing program to determine what, if any, changes they might need to make.

Myth 3: My organization or client is too small and does not have the budget to continually address the changing privacy landscape.

Most privacy legislation has a threshold that an organization must meet to be considered compliant, but the minimum required gross revenue is often low and can sweep in even small or midsize businesses. Past enforcement has focused not just on big-name companies, but also smaller fry, so simply ignoring new or existing regimes can create significant regulatory risks. Furthermore, even if your organization doesn’t have the budget of, say, a large tech company, a privacy program can be built to scale. Small changes, such as ensuring that your privacy notice is reviewed regularly and is up to date with changing laws, or implementing vendor contracts, are relatively modest steps that go a long way toward achieving compliance.

Myth 4: Privacy is currently a hot legal trend, but it’s a fad that will disappear in a few years.

While the field of privacy law is fairly new, legal restrictions on how organizations can collect, use and share information have been around for nearly 50 years. Groups in highly regulated areas such as health care, finance, government, critical infrastructure and education have been dealing with sector-specific privacy approaches for decades. Even though the last few years have seen an influx of new laws—and consumer privacy seems to be at the forefront of many legislators’ minds—the need to comply with regulations will still exist in the years ahead even if the flurry of legislation eventually slows.

It can all seem exceedingly complicated. If your organization or client has no idea where to start addressing consumer privacy, here are four steps to help guide you.

1. Determine which laws apply to your organization.

Every state law has various thresholds that a firm must meet to be required to comply. Moreover, Europe’s GDPR has broad territorial scope and often applies to entities outside the European Economic Area. The U.S., meanwhile, has additional sector-specific laws as outlined above. Understanding which apply to your group will help you devise a compliant program.

2. Map your data.

Determine which types of data you collect from each category of individual with which your organization interacts (customers, vendors, employees, website visitors) and whether that information is ever shared with third parties. This will help you craft strategies for vendor management, handle rights requests from individuals pursuant to various legislation, develop proper privacy notices and obtain correct consent when applicable.

3. Educate critical stakeholders and empower people within your organization to “own” data privacy measures.

Organizational buy-in is key to achieving a functional and compliant privacy program. Companies greatly benefit when their employees understand the stakes and can assist with compliance. Having an internal point person or team to respond to privacy inquiries on behalf of the broader firm can make establishing and running a program less daunting.

4. Analyze current “notice and consent” mechanisms already in place and revise them as appropriate.

Most consumer privacy regimes are built according to a “notice and consent” model, meaning that an organization has an obligation to notify consumers how it collects, uses and shares data, then to obtain consent (either opt-in or opt-out). Companies should examine whether and when they currently provide notice to individuals from whom they collect data, and how they manage obtaining consent or respecting an individual’s choices regarding its data practices.

This generally means reviewing one’s privacy policy regularly, ensuring that it encompasses all information use, collection and sharing, and making sure internal procedures are in place to address the requirements of various privacy laws, including procedures for handling consumers’ requests to exercise their rights.

This evolving body of law can seem like an utterly complex series of new requirements but dispelling the most common myths to others in your organization, or to your clients, and then taking a few initial steps to address legal compliance can go far toward creating a robust privacy program.

Casey Waughn is an Associate at Armstrong Teasdale LLP. She helps clients navigate and comply with complex regulatory regimes, particularly in the data privacy, cybersecurity and white-collar spaces. As a data privacy practitioner, Waughn counsels clients to develop, implement and maintain practical privacy and data protection strategies to fit their organization’s needs.

Related Articles

New Sheriff in Town on ESG


by Patricia Brown Holmes

Various regulatory agencies within the Biden Administration are stepping up enforcement of corporate malfeasance in the ever-trendy ESG space.

ESG Enforcement in the Corporate Environment

Follow the Money


by Rachel F. Sifuentes

Women are the future of fintech—but in the here and now, they’re still being underserved in an industry otherwise marked by explosive growth. Here’s why that must change.

Women and the Future of Fintech

Announcing the 7th Annual Women in the Law Publication


by Best Lawyers

The 7th Annual Women in the Law publication is a celebration of all the female legal talent across the country, honoring every woman listed in The Best Lawyers in America and Best Lawyers: Ones to Watch in America.

Honoring Female Lawyers in the United States

Recruiting, Raising and Retaining the Next Generation


by LaVon M. Johns and Patricia Brown Holmes

With savvy recruiting, great culture and a focus on work/life integration, learn how any law firm can still get the most out of its greenest personnel.

Animated figures putting massive puzzle together

Generation Gaps


by Victoria Brenner

A major case upended aspects of grandparents’ disputed visitation rights regarding their grandchildren. 20 years on, where do laws around the country stand?

Child with hands over older man's eyes

Beyond the Billables


by Michele M. Jochner

In a recently conducted, comprehensive study, data reveals a plethora of hidden realities that parents working full-time in the legal industry face every day.

Women in business attire pushing stroller takes a phone call

Connecticut Attorney General Releases Status Update on Data Privacy Act


by Gregory Sirico

Connecticut's attorney general recently released a report on the current status of the Data Privacy Act, focusing in on some keys areas of enforcement.

Animated woman's face with code scattered everywhere

Crucial Alliances


by Jane E. Young

Workplaces everywhere have changed since the start of the pandemic in ways that can be highly beneficial to women. Here’s a road map for consolidating recent gains—and making the most of them going forward.

Woman at desk working with roadmap behind her

Current State of EU to U.S. Data Transfers


by Gregory Sirico

The Biden Administration and European Commission recently came to a principle political agreement concerning the ever-changing future of EU to U.S. data transfers.

New Framework for EU and U.S. Data Transfers

The Future of Litigation Is Changing for Female Solicitors in the U.K.


by Catherine Baksi

The support of entire law firms, organizations and senior counsel members will be the key to encouraging female solicitors and positive change in the industry.

Changing Litigation for UK Female Solicitors

The Upcycle Conundrum


by Karen Kreider Gaunt

Laudable or litigious? What you need to know about potential copyright and trademark infringement when repurposing products.

Repurposed Products and Copyright Infringemen

IN PARTNERSHIP

The Compensation Situation


by Liz S. Washko

Pay discrimination has been outlawed for decades. Yet the issue has taken on new salience in recent years. Here’s what to know about compensation equity—and where the legal risk lies for companies.

Pay Discrimination and Equity in Legal Indust

Remote Controls


by Cynthia Morgan Ohlenforst

How law firms, lawyers and taxing authorities must adapt to remote work

Law Firms Adapt to Remote Work

Changes and Challenges


by Megan Norris

As the pandemic ebbs and many people return to the office, midsize law firms in particular must navigate a host of unprecedented questions about costs, culture and client expectations.

Changes, Challenges and Cost of the Pandemic

Carrying the Torch While Raising the Bar


by Sharen L. Nocella

Catherine Pyune McEldowney makes waves as one of the few Asian-American women at the pinnacle of a U.S. law firm.

Asian-American Representation in Law

Forging Bonds, Building Business


by Crystal L. Howard and Lizl Leonardo

As disorienting and occasionally frightening as the pandemic has been, it has also forced lawyers to find innovative new ways to stay connected and do business.

Pandemic Sparks Innovative Ways of Conducting

Trending Articles

2025 Best Lawyers Awards Announced: Honoring Outstanding Legal Professionals Across the U.S.


by Jennifer Verta

Introducing the 31st edition of The Best Lawyers in America and the fifth edition of Best Lawyers: Ones to Watch in America.

Digital map of the United States illuminated by numerous bright lights

Unveiling the 2025 Best Lawyers Awards Canada: Celebrating Legal Excellence


by Jennifer Verta

Presenting the 19th edition of The Best Lawyers in Canada and the 4th edition of Best Lawyers: Ones to Watch in Canada.

Digital map of Canadathis on illuminated by numerous bright lights

Legal Distinction on Display: 15th Edition of The Best Lawyers in France™


by Best Lawyers

The industry’s best lawyers and firms working in France are revealed in the newly released, comprehensive the 15th Edition of The Best Lawyers in France™.

French flag in front of country's outline

Announcing the 13th Edition of Best Lawyers Rankings in the United Kingdom


by Best Lawyers

Best Lawyers is proud to announce the newest edition of legal rankings in the United Kingdom, marking the 13th consecutive edition of awards in the country.

British flag in front of country's outline

Announcing the 16th Edition of the Best Lawyers in Germany Rankings


by Best Lawyers

Best Lawyers announces the 16th edition of The Best Lawyers in Germany™, featuring a unique set of rankings that highlights Germany's top legal talent.

German flag in front of country's outline

Celebrating Excellence in Law: 11th Edition of Best Lawyers in Italy™


by Best Lawyers

Best Lawyers announces the 11th edition of The Best Lawyers in Italy™, which features an elite list of awards showcasing Italy's current legal talent.

Italian flag in front of country's outline

Combating Nuclear Verdicts: Empirically Supported Strategies to Deflate the Effects of Anchoring Bias


by Sloan L. Abernathy

Sometimes a verdict can be the difference between amicability and nuclear level developments. But what is anchoring bias and how can strategy combat this?

Lawyer speaking in courtroom with crowd and judge in the foreground

Things to Do Before a Car Accident Happens to You


by Ellie Shaffer

In a car accident, certain things are beyond the point of no return, while some are well within an individual's control. Here's how to stay legally prepared.

Car dashcam recording street ahead

The Push and Pitfalls of New York’s Attempt to Expand Wrongful Death Recovery


by Elizabeth M. Midgley and V. Christopher Potenza

The New York State Legislature recently went about updating certain wrongful death provisions and how they can be carried out in the future. Here's the latest.

Red tape blocking off a section of street

Find the Best Lawyers for Your Needs


by Jennifer Verta

Discover how Best Lawyers simplifies the attorney search process.

A focused woman with dark hair wearing a green top and beige blazer, working on a tablet in a dimly

Key Developments and Trends in U.S. Commercial Litigation


by Justin Smulison

Whether it's multibillion-dollar water cleanliness verdicts or college athletes vying for the right to compensation, the state of litigation remains strong.

Basketball sits in front of stacks of money

Prop 36 California 2024: California’s Path to Stricter Sentencing and Criminal Justice Reform


by Jennifer Verta

Explore how Prop 36 could shape California's sentencing laws and justice reform.

Illustrated Hands Breaking Chains Against a Bright Red Background

Is Premises Liability the Same as Negligence?


by Jeremy Wilson and Taylor Rodney Marks

In today's age, we are always on the move, often inhabiting spaces we don't own. But what happens when someone else's property injures you or someone you know?

A pair of silhouetted legs falling down a hole with yellow background

Woman on a Mission


by Rebecca Blackwell

Baker Botts partner and intellectual property chair Christa Brown-Sanford discusses how she juggles work, personal life, being a mentor and leadership duties.

Woman in green dress crossing her arms and posing for headshot

Why Backlinks Matter for Law Firm SEO


by Nancy Lippincott

The key ingredient to a law firm's online search visibility could lie within backlinks, a driving factor in the industry's efforts to build an SEO-based future.

Collection of search bars, menus and posts in front of gray background

Best Lawyers Celebrates Women in the Law: Ninth Edition


by Alliccia Odeyemi

Released in both print and digital form, Best Lawyers Ninth Edition of Women in the Law features stories of inspiring leadership and timely legal issues.

Lawyer in green dress stands with hands on table and cityscape in background