Data Privacy and Data Security: Key Considerations and Compliance Issues

For access to the video, please email communications@bilzin.com.

During the first installment of the General Counsel "Focus on the Essentials" program, Philip R. Stein, Litigation Practice Group Leader, and Adrian K. Felix, Litigation Attorney, shared some key considerations and compliance issues surrounding data privacy and data security.

Data privacy and data security are somewhat different concepts: data privacy is about what you do with the data you lawfully have and data security is about protecting that information.
Both topics are increasingly causing concern for in-house counsel, as there is a heightened awareness of the many ways in which data privacy and data security issues can cause liability. Beyond preventing big "hacks", or other data breaches, companies must ensure safe practices from authorized users to minimize risk.

"There's nothing inherently wrong with having access to personal data," explained Phil. "Improperly collecting that data, using or selling that data in unauthorized ways, without proper consent, is what we want to be mindful of as it can lead to substantial costs in regulatory actions or in private-party litigation."

Multiple federal and state consumer laws govern the security of customer data and attorneys' professional responsibility obligation is to preserve the confidentiality of information, including that of former clients.

The General Data Protection Regulation (GDPR), for example, became effective on May 2018 intended to strengthen and standardize consumer data protection and privacy laws for EU/EEA residents by, in part, giving residents control over their data through the requirement that businesses be more transparent in how they collect, retain, and use such data and obtain he informed consent of residents.

"These terms apply to all businesses, organizations and entities that provide goods or services to EU/EEA residents," Adrian said. "Regardless if the business is located solely in the US, the GDPR will apply if the business has European consumers."

It is crucial for GCs to treat data privacy as they do other corporate compliance issues, keeping up to date with regulatory guidance and seeking advice of IT specialists, data retention experts, and counsel.

To learn more about this and other related topics, stay tuned as our General Counsel "Focus on the Essentials" program continues.

About the GC Series
The General Counsel "Focus On The Essentials" program is a series of 50 minute CLE programs that focus on the essentials of various subjects general counsel should know something about but simply have not had the opportunity to become more knowledgeable about such as data privacy, antitrust opt-out litigation, environmental law, international tax concerns, and protecting intellectual property upon executive departures.