Legal Tech's Predictions for Privacy in 2020
It's not just the CCPA. Privacy concerns are poised to play a big part in legal practices in 2020, as regulations and new risks put privacy at the forefront.
January 02, 2020 at 07:00 AM
8 minute read
While the California Consumer Privacy Act (CCPA) may be the big story in privacy entering 2020, it's not the only story. Biometric protection laws promise to be a whole new front for litigation. Big Tech and social media companies continue to come under fire for how they're handling customer data. And a whole rash of states (and even the country?) may follow in California's footsteps, creating a privacy patchwork similar to what exists for data breach notification.
Privacy concerns aren't going away any time soon, and lawyers and technologists agree that it's one of the biggest paradigm shifts that will need to be confronted in 2020 and beyond. Here's what they think are some of the biggest risks and opportunities to watch for this upcoming year.
This is the third in a six-part series of 2020 predictions from Legaltech News. Earlier this week, we ran experts' predictions for e-discovery and the CCPA in 2020. Check back on tomorrow for our predictions for cybersecurity in 2020, and on artificial intelligence and innovative technologies next week. The quotes below are in alphabetical order by name, and some have been edited for length.
Bryan Foster, principal, Deloitte Risk & Financial Advisory: "Managing third-party risks for everything from data privacy to Brexit and LIBOR transitions will drive a heavier use of contract repapering solutions and services in the New Year. Legal teams don't have the bandwidth for that labor-intensive work, but they need third parties to accept responsibility for compliance with regulatory and other changes."
Mike Hamilton, director of e-discovery programs, Exterro: "Just as data scientists have been crucial to effective marketing and even swaying political elections (i.e. Cambridge Analytica), 2020 will the year of the data scientist for corporate legal departments. With the culture shift towards personal data privacy rights in the US (i.e. CCPA, etc.) and a growing importance of social media [and] cell phone data in e-discovery, legal teams must leverage personnel and technology to clearly understand what corporate data they have, where it's located and how to access it in a streamlined manner."
Laura Jehl, global head of Privacy and Cybersecurity practice, McDermott Will & Emery: "2020 will be the year Congress finally passes a U.S. federal privacy law, presidential election year notwithstanding. Pressure from privacy advocates, who have been pushing for GDPR-style rights for individuals, and from industry, which has been pleading for a single U.S. legal standard rather than a web of confusing and conflicting state laws, will finally force a bipartisan federal solution. The new law will likely follow the rough outline of CCPA with a few new twists and will authorize significant new enforcement powers and resources for the FTC, but will not include a private right of action for privacy violations."
Antonia Karlan, head of project management, Control Risks: "With employee use of mobile applications for business purposes on the rise, corporations will need to revisit and revise their 'bring your own device' policies to ensure compliance with discovery obligations and data retention guidelines. Combining this increased blurring of personal and professional activity with the expansion of privacy laws in the U.S. means that these new guidelines need to thread a careful line between providing employees with flexibility and privacy and protecting the legal interests of the corporation."
Gregory J. Leighton, partner, and Bari L. Nathan, associate, Neal Gerber & Eisenberg: "Illinois will pass legislation similar to the CCPA, giving Illinois residents various rights with respect to their personal information; mandating notice obligations with respect to collection, use, disclosure, and sale of personal information; and including a private right of action against organizations for violations. Other states such as New York and Washington will follow suit."
Nancy Libin, co-chair of Privacy & Security + Technology practice, Davis Wright Tremaine: "States will grow increasingly impatient with Congress' inability to pass federal privacy legislation and will do what many fell short of doing in 2019: pass their own privacy laws. States will take different approaches, further fracturing the legal landscape and complicating companies' compliance efforts. Companies that have developed and implemented strong data governance programs will find it easier to respond and comply with what is likely to be a range of different legal obligations, while others may face a wide variety of fines or liabilities as attorneys general and consumers pursue claims for alleged violations."
Daniel Messeloff, partner, Tucker Ellis: "With the GDPR, the CCPA, and other states' data privacy laws going into effect, more and more individuals will become aware of their new data privacy rights. Individuals will exercise these rights in new and unanticipated ways, such as employees making requests to their employers for their own records, solely to find out what their employers are saying about them. As the pendulum of data privacy continues to swing, companies will have to figure out how to address and respond to this next stage of challenges."
Matt Miller, VP, global information governance advisory services, Consilio: "As more states pass data privacy and security laws—and as long as we fail to make progress on federal data privacy legislation—we will likely see one or more states impose headline-making penalties for non-compliance. Maybe it will be California enforcing the new CCPA. … Maybe it will be New York enforcing its NYDFS Cybersecurity Regulation. … Wherever it happens, we are likely to see substantial enforcement action at the state level."
Eric Pender, director, FTI Technology: "Over the last two years, data privacy laws have forced companies to think more critically about their data, primarily from a risk and compliance standpoint. The knock-on effect that we'll see in the new year will be companies thinking more critically about their data from an opportunity standpoint in addition to risk. When data is better understood, better cataloged, better managed, etc., it can ultimately be better leveraged as a valuable business asset. Organizations that approach data privacy compliance with this mindset will be strongly positioned. Those that don't will be left behind."
Chris Ricciuti, VP, product management for legal and compliance, Veritone: "For the last decade, legal organizations like law firms and corporate law departments to state and local agencies and district attorney offices have wanted to leverage the cloud for cost efficiencies. However, given the concerns around data security, privacy and protection, they held off. In 2020, this will start to shift, thanks to the advancement of the hybrid cloud. Now, organizations can maintain and comply with data privacy and security regulations by keeping data and sensitive information on prem, but contain costs by leveraging the hybrid cloud model and storing the metadata and outputs of the data in the cloud."
Elizabeth A. Rogers, partner, Michael Best: "In 2020, California will continue to pioneer changes in privacy laws at the state level, across the United States. Not only will the California Consumer Privacy Act dramatically upset the litigation status quo when it starts being enforced next July, but also it will continue to be the blueprint for other Democratic state legislatures who opt to pass their own law due to impatience with the inertia in Congress. Meanwhile, company boards know that they can no longer afford to take a wait and see approach because they have seen the consequences suffered by other companies who did so when the GDPR became effective. Fellow corporations got fined and fellow corporate board members started being held financially responsible for breaches. As other regulations roll out through 2020, many companies will be crushed by fines and be forced out of business, through sheer violations and in the absence of a breach, and these events will motivate the onlookers into making compliance with privacy laws a top level priority."
Maarten Stassen, partner, Crowell & Moring: "2020 will be the year of the digital reality check. After years of digital transformation, often with a robust vision and strategy nicknamed after this appealing milestone, the moment has come to examine the achievements in terms of efficiency gain and business value. If data is the new oil, was the focus on 'smart' instead of 'big' data when refining it, and were privacy compliance efforts leveraged to bring the data house in order? If the answer is no, enhancing the value and reducing the risk of data will surely become a key component of the 2020 vision and strategy."
Lisa J. Sotto, chair of Global Privacy and Cybersecurity practice, Hunton Andrews Kurth: "Hold onto your seats—we're in for a wild ride ahead in 2020. Our U.S. sectoral privacy regime is under attack from all angles—Congress, the states, privacy advocates and even businesses. The historical way of regulating privacy in the U.S. is on its deathbed. The big question is what will replace it. 2020 will be a pivotal year as U.S. privacy law begins to take on a new form. The states will lead the way, with the path already cleared by California. For the first time, data privacy will be a major issue in the presidential election."
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllLaw Firms Mentioned
Trending Stories
- 1Trump's Return to the White House: The Legal Industry Reacts
- 2Climate Disputes, International Arbitration, and State Court Limitations for Global Issues
- 3Judicial Face-Off: Navigating the Ethical and Efficient Use of AI in Legal Practice [CLE Pending]
- 4The Law Firm Disrupted: Big Law Profits Vs. Political Values
- 5Infant Formula Judge Sanctions Kirkland's Jim Hurst: 'Overtly Crossed the Lines'
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250