Privacy, Data Security and Cyber-Security Law

Some of the biggest news stories in recent months have involved privacy, data security and cyber-security. They range from Edward Snowden’s revelations about NSA spying on Americans and credit card breaches at retailers like Target and Home Depot to class action litigation against Facebook and the hacks on Sony Pictures. More and more companies are finally realizing that protecting their customers’ personal and financial information is not just the responsibility of the “geeks” working in IT departments. Rather, it is a mission-critical function that needs the attention of the CEO/business owner and all employees.

In the US, there is a patchwork of federal and state laws dealing with privacy protection. They are based on the industry sector: for example, there are laws covering medical records, banking transactions, credit cards, debt collectors, library book records, and many others. These laws typically describe the responsibilities the record holder has for protecting information from unauthorized access or dissemination, modification and/or destruction, and the obligation to report privacy breaches. The Federal Trade Commission, other federal agencies, state attorneys general and plaintiffs’ attorneys are very active in privacy-related litigation.

Since 1995, the European Union has adopted a more comprehensive approach to data security and privacy. Other jurisdictions are getting involved now that rapid changes in cyber and other technology have exposed global commerce and consumers to ever-increasing privacy risks.

Susie Hoeller has been counseling companies on privacy law issues since the 1990s, well before data and cyber security issues started to make headlines in the global media.