Imagine That IP Law Blog

Data Privacy Day occurs annually on January 28. Launched in the U.S. and Canada in 2008 by the National Cybersecurity Alliance, the Data Privacy Day campaign raises awareness about internet safety and data privacy concerns.

A survey conducted in 2018 by the Pew Research Center found 79% of Americans are “not too or not at all” confident that a company will admit to having made a mistake or accept responsibility for the implications of compromised personal data. (See “Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information”). Even more concerning, 70% of respondents believed their data was less secure than it had been five years earlier.

This year, on the heels of one of the largest cyberbreaches in history, and amidst constantly evolving international laws and regulations, data privacy and protection has never been more critical to a company’s risk management strategy. As consumers begin to understand the consequences of sharing data, companies need to adapt. Businesses - right now - need to prepare for a multitude of privacy concerns, including compliance requirements, risk assessments, and rising distrust among consumers. It will be a delicate balance; the basic needs of a company - functioning, innovating, maintaining revenues – will co-exist with a heightened need for data privacy and protection. By preparing ahead, knowing the risks, and following a plan, companies can add value and build trust.

Simply put, data privacy is good for business.

When addressing data privacy and protection within any organization, consider the following three principles: compliance and risk mitigation; best practices; and brand management.

1. Avoid potentially costly mistakes by complying with national and international data protection laws.

Data privacy protection is stronger than it has ever been. Landmark legislation passed in the last five years reflects the growing concern for protecting personal data. In 2018, the European Union enacted the General Data Protection Regulation (“GDPR”) to govern how companies handle personal data for EU citizens. While the U.S. lacks comprehensive federal law that protects privacy, some states are breaking new ground. California passed a significant law that took effect in 2020 called the California Consumer Privacy Act (“CCPA”). As the most comprehensive data privacy legislation in the U.S, the CCPA has set the groundwork for the rest of the country to enact more stringent regulations and stronger safeguards against data privacy issues.

With the onslaught of privacy regulations comes the need to comply with them. Failure to do so raises the possibility of large fines and other penalties, especially under the GDPR. Non-compliance also risks business relationships and consumer trust. It’s important to know and understand the law so that you can comply with it. As the obligation to protect privacy continues and evolves, companies must educate themselves and act within the bounds of applicable data privacy laws.

2. Exercising best practices will limit your legal liability and build trust with consumers.

Data privacy affects all companies, regardless of size. Entrepreneurs making their first forays into business and Fortune 500 companies alike are tasked with safeguarding their customers’ information. To that end, certain best practices will minimize data privacy risks, including the following action items.

• Be minimalist. Only collect needed data and store it only if needed for future use.
• Be transparent. Make sure your privacy policy is easily accessed by the public. Make sure it’s up to date. When there has been an exposure or breach, remediate the issue as soon as possible and alert the affected parties.
• Be secure. Restrict data access to only those who truly need it. Make sure data is secure when stored, but also when it is transferred from one system to another.
• Be proactive. Conduct privacy audits. Revisit your operating procedures often. Are you launching a new product? Using a new third-party provider? Branching out into new territories or countries? All of these changes may require alterations to your data privacy procedures.

3. Gain a competitive edge through data privacy.

Companies improve brand value and goodwill by protecting data, and communicating with consumers regarding such protection. A company that emphasizes and prioritizes data privacy protection will attract the increasing number of consumers who are concerned about safeguarding their personal information, particularly in technical fields. In addition to building a reputation for caring about consumers’ privacy, follow through is also paramount, Transparency and consistency in data privacy protection is the key to winning consumer trust.

As fear of compromised personal data grows, consumers will alter online behavior. Companies can proactively manage this in many ways, but the most important principle remains: safeguarding a consumer’s data will, in turn, protect the company itself. Moreover, demonstrating a commitment to privacy can build customer loyalty and offer significant advantages over competitors.