Technology has made it easier to collect, analyze, share and exploit personal data. And, with virtually all records and information stored electronically, data security is no longer a luxury but a necessity for all companies, whether large or small. Privacy and data security requirements affect nearly every organization, and compliance obligations, not to speak of the risk and penalties for the failure to address them adequately, are rapidly increasing.
Privacy and data security is no longer just an IT issue; it is a compliance issue. A patchwork of state and federal laws and regulations compels companies to develop comprehensive strategies to meet the challenges presented by today’s information technology on a global scale. In a complex and constantly evolving world economy, companies need to understand how to use information technology to help their business grow while also understanding where risk to their organization lies. Companies must take steps to mitigate risk in a cost-conscious manner. Indeed, the Federal Trade Commission (FTC) has taken the position that all companies must maintain reasonable policies and procedures to protect sensitive information. The FTC has been aggressively pursuing enforcement actions against companies in various industries for failing to adopt adequate privacy and data security measures, even in situations in which an actual data breach has not yet occurred. The FTC has the power to punish violators with fines and to require implementation of specific privacy policies (which include lengthy monitoring and reporting periods). Several other federal, state and international organizations and agencies are also active in the privacy and data security arena.
In our experience, the best defense against potential data breaches, investigations by state and federal regulators, customer complaints or litigation, and improper handling of sensitive data by vendors is a well-constructed privacy and data security plan. Calfee has a wealth of experience in developing such institutional policies and procedures.
Calfee’s attorneys also are prepared to assist clients in security investigations and response in the event of a data or security breach, including responding to and working with the FTC, other federal regulators and state attorneys general. Additionally, we counsel our clients on how to contain and manage any damage following a breach.
Along with the FTC, other federal and state regulators have indicated that information security and data privacy are of the utmost concern to consumers, and have promulgated numerous regulatory approaches to address them. It is important to ensure your business's compliance strategy takes these regulations into account.
Calfee’s Compliance team has experience in this regulatory arena, including:
- Federal Trade Commission Act
- Electronic Communications Privacy Act
- Computer Fraud and Abuse Act
- Fair Credit Reporting Act and Fair and Accurate Credit Transactions Act
- Health Insurance Portability and Accountability Act
- U.S. Patriot Act and Bank Secrecy Act
- Uniform Electronic Transactions Act
- Gramm-Leach-Bliley Act
- Children’s Online Privacy Protection Act
- State privacy and data breach notification laws