Did you know there are at least 30 states with pending laws regarding data privacy? There is also a push to create a comprehensive federal privacy law. With the increased scrutiny surrounding data privacy and cybersecurity, how are businesses expected to keep up with the constant changes and avoid litigation? Our Privacy & Cybersecurity team is here to help with our top 5 list for areas that could impact your business in 2020.
The California Consumer Privacy Act (CCPA) has been a hot topic in 2019 and will continue to be in the spotlight through 2020 and beyond. You don’t need to have a presence in California for this to affect your company.The law applies to any for-profit business that collects personal information from California residents and meets one of three set criteria. The CCPA also applies to any entity that is controlled by or that controls a business covered by CCPA. Businesses that are subject to the CCPA should start preparing now in anticipation of the effective date of January 1, 2020. The enforcement date is July 1, 2020 and it will take many businesses at least a year to build out the policies and protocols necessary to comply.
ALLOCATION OF LIABILITY
There is a constant debate of “who owns the data” and “whose responsibility is it to protect the data” when there is shared data between businesses and other parties. The sharing of personal information across businesses, service providers, and other third parties that help optimize the use of data need to be managed effectively. Systems need to be in place and procedures must be followed in compliance with applicable legal framework, or liability may fall upon an unsuspecting party.
Many emerging technologies in the Fintech, Healthtech, and other sectors use personal information across regulated spaces. Companies need to ensure they are managing their data in a compliant manner. There has been an uptick in creators of technology acting solely as application developers. But application developers need to keep relevant industry regulatory requirements in mind and determine how to build in safeguards to protect the data in the banking, healthcare, and other related sectors.
CYBERSECURITY IN CRITICAL INFRASTRUCTURE INDUSTRIES
Another example of what to watch for – highly regulated industries such as energy, utilities, and agribusiness. Any business related to critical infrastructure is at high risk for cybercrimes and needs to have a heightened awareness about how it is managing data. For example, smart meters track not only energy usage, but personal data for those across the grid.
Having a proactive information security program with an executable incident response plan is necessary going into 2020, with a robust allocation of liability and litigation on the rise. It’s not sufficient to create a generic template for your business’ plan and stick it on the shelf for a rainy day. Companies need a functional, updated, actionable plan in place, coordinated with designated third party resources, a specialized privacy team like Michael Best, an IT forensics firm, and a breach notification provider in order to cover all bases for future risk.
HOW WE CAN HELP
Our Michael Best Privacy & Cybersecurity Team will keep a finger on the pulse on these top trends as we approach the new year. Many of these top issues can be managed and mitigated by having a strong privacy plan in place. Please reach out to any of our team members to learn more about how we can help you navigate these developments in 2020.