Cybersecurity and privacy law, including data breaches and online identity theft, is one of the fastest-emerging areas of law. This discipline encompasses an array of laws and regulations governing how companies capture, use, transfer, store, protect and manage the personal information of their customers and employees. Companies violating privacy or cybersecurity regulations face severe risks, including fines, injunctions, government audits and criminal liability, as well as loss of customer trust and confidence.
Additionally, many states have their own data breach notification laws that companies must abide by. Furthermore, the federal Sarbanes-Oxley (SOX) Act applies only to public companies listed on stock exchanges and requires them to implement a cybersecurity program as part of their compliance obligations.
Security and privacy differ significantly: cybersecurity focuses on safeguarding a company’s information systems from unauthorized access, while privacy refers to how an entity collects, uses, shares or stores information that identifies an individual. Privacy controls often focus on whether such information poses a high risk of identity theft or other harm. For instance, healthcare records, social security numbers, credit card numbers, passwords for financial accounts or even geolocation or IP addresses may pose such threats.
Data breaches and privacy violations can cause immense distress to consumers, from having to change passwords or close accounts temporarily, to irreparable reputational damage and the feeling that their digital lives no longer belong to them. Businesses also bear considerable consequences: they must deal with ever-increasing regulatory requirements while satisfying customers who require more transparency and protections for themselves and their data.
Privacy and cybersecurity policies should be top of mind across all economic sectors. Governments must lead in setting policy directions and standards while working closely with private businesses to develop an approach that encourages best practices, provides effective remedies when things go wrong, and recognizes broader impacts associated with data breaches or privacy violations.
Legislators have been hard at work crafting an appropriate legal framework to address data breaches and privacy violations; however, it remains unclear which approach will work most successfully to establish a data stewardship model. Some individuals favor government controls, while others advocate for more flexible approaches that can adapt easily to changing needs. Either way, information flows in cyberspace transcend national borders, requiring global solutions to privacy concerns.
Sidley’s Cybersecurity and Privacy Practice has established itself as a go-to source of counsel for clients facing privacy-related litigation, regulatory investigations and compliance challenges. Our attorneys regularly publish and present on new developments in the field, manage the S&W Cyberlaw blog, and offer a full spectrum of services related to privacy and cybersecurity matters. We are committed to a balanced approach across regulatory, business and litigation strategy priorities, making us well suited to anticipate legal, regulatory and policy trends and changes with ease.