Over the past few years, data privacy and security breaches have appeared more frequently in the headlines of major newspapers. High-profile cases invite more regulatory activity, as well as scrutiny from customers and employees. In addition, companies face the challenge of managing a greater volume of sensitive information—created by the increasing digitization of employee, health, financial, and other personal data.
Just last month, the Federal Trade Commission (FTC) collected more than $18 million in three settlements related to data breaches and inadequate compliance with data privacy-related laws. These three cases, following closely behind several recent Safe Harbor-related settlements, reflect the FTC’s newly-determined and rigorous enforcement posture. More concerning are the ongoing compliance requirements and continued supervision over remediation efforts. One recent settlement included providing compliance updates to the FTC every two months, which can certainly drain managers’ time and attention. Moreover, the FTC is not alone—data protection authorities in the UK, Germany, and Australia are adopting more aggressive enforcement postures than ever before.
The financial consequences of inadequate data privacy and protection continue to grow as well. According to Ponemon Institute research, the average cost of a customer data breach has grown from $4.5 million in 2005 to $6.7 million in 2008. In 2008 alone, the total cost of data privacy breaches to U.S. corporations was $721 million.
A brief review of recent news and trends suggests that the following three developments are here to stay:
- Continued emphasis on an adequate information security program. SEC and FTC investigations, as well as recent amendments to Massachusetts data privacy laws, have focused primarily on companies’ information security policies and procedures and their ability to protect the confidentiality of customer data, guard against (physical or electronic) threats to the security of the data, and protect against unauthorized access to the data that could result in harm to the customer.
- Emerging regional and global enforcement of cross-border data flows. U.S. and EU authorities are starting to pay more attention to Safe Harbor certification as increasingly more companies self-certify as Safe Harbor-compliant. EU, Asian, and U.S. industry and national data protection authorities are engaging in more informal networking and information exchange—especially regarding e-privacy and telecommunications.
- Asia as the next hotbed of data privacy activity. Demonstrating the increasing maturity of e-commerce in Asia, the Asia-Pacific Economic Cooperation (APEC) members recently set up the Electronic Commerce Steering Group to create a standard data privacy framework for the region. Specifically, many countries including India, Malaysia, and the Philippines have either enacted or proposed comprehensive privacy laws based on the EU Privacy Directive. For companies that have focused primarily on U.S. and European requirements, developments in Asia may present unique, unanticipated challenges.