Cybersecurity & you: Developing a data privacy game plan – WRAL TechWire

by Steve Britt and Sarah Hutchins, Parker Poe — November 22, 2022
Editor’s note: This is the latest in a 5-part series from law firm Parker Poe on data privacy law to bring some clarity to one of the fastest growing and most complex areas of technology law.
This article is the culmination of our prior four articles and closes out our series. The first thing to say is you should not feel bad for not having instant recall of all of the pieces of the data privacy puzzle. For as complex as the legal landscape already is, only 10% of the states have enacted a data privacy law. But there is hope even there.
For example, there have been many times over the past 2-3 years when it seemed very likely that a couple of states would pass a new data privacy law that included a private cause of action for violations of the law. Sometimes a bill with this provision made it all the way through one body of a state legislature only to fail in the other body. Massachusetts has been headed this way for most of the past two years, but that effort seems to have stalled for now.
Still, 14 states now authorize private causes of action for data breaches resulting from the failure to provide reasonable data security. That should send a chill down any CEO’s spine. Our advice to clients is, if you suffer a data breach, you should expect to be sued. So, make this a priority now while you can still control the agenda.
Besides, given the growing complexity of these laws, we already know enough to act. That is because the best approach to all of these new risks is to create a sound data management program that fits your budget. We recommend that you:
This may sound like a lot of work, and it certainly requires a significant commitment, but a well-designed data management game plan can accomplish a lot between now and next year. Your goal is to commence a good-faith effort towards compliance rather than to create the perfect solution.
Realize that we won’t have regulations in place for most of these states (other than California) for at least another year. In California, the CPPA intended to have new regulations in place by July 2022. It has missed that date and is still conducting stakeholder consultations about the new regulations.
But when the CPPA does act, we can expect it to be aggressive. It has already made clear that a major focus will be automatic data processing and profiling, two areas that can have a substantial impact on your data operations.
The other key danger is California’s and other states’ private cause of action for a data breach resulting from the failure to implement reasonable data security. Class actions that were filed 8-9 years ago for large data breaches were often unsuccessful in proving actual damages from the breaches.
Many states in addition to California with its Consumer Protection Act (CCPA) have now incorporated statutory damages to eliminate those hurdles to litigation. In California, statutory damages of $100-$750 per incident can easily run to tens of millions of dollars for a single breach, so you don’t want to leave yourself open to those types of claims.
Also, since data security is part of data protection, it is worth noting that Verizon’s 2021 Data Breach Investigations Report (DBIR) cites phishing and use of stolen credentials as representing 25% of data breaches, with ransomware doubling its rate to 10%. That is why cyber insurance premiums have skyrocketed by 300% in the past year and companies with poor data security practices cannot get it at all.
About the authors
Steve Britt, CIPP/E, CIPM, is a cyber, data privacy & technology attorney at law firm Parker Poe. He focuses his practice on cybersecurity and data privacy laws and regulations. Britt counsels his clients on the full range of data protection laws. He may be reached at [email protected].
Sarah Hutchins, CIPP/US, is a cyber, data privacy & technology attorney at law firm Parker Poe. She helps clients navigate business litigation, government investigations, and data privacy and cybersecurity. Hutchins may be reached at [email protected]