Why reading about your rights and data?
Data, and in particular regulations and laws related to user privacy and data protection, is a must-know topic in today’s digital world. Nowadays, data is the new gold. Whether you have a high-tech company that manufactures medical robots or you own and operate a coffee shop, you retrieve and handle vast amounts of sensitive data on a daily basis, often without realizing it. This includes personal data from your customers, sensitive proprietary information from your suppliers and a whole host of other forms of data.
As a corporate executive, an increasingly large portion of your job is to assess risk. Risk related to data theft, data breaches and data protection is one of any corporate executive’s most important roles and is only set to become more important as data security becomes more vital for companies doing business in an increasingly digital world. Data thefts, data breaches and cyber-attacks can result in a company unintentionally violating the data privacy of its customers, employees or suppliers. A data-related incident can lead to a loss of a consumer trust in a company and it can even lead to the wide-scale shutdown of critical institutions or vital infrastructure, as the world saw in 2019 when Venezuela’s power was shut down for multiple days in some parts of the country due to a cyber attack.
Data leaks, data theft or other data-related incidents can also damage the reputation of your company or its ability to stay competitive in virtually any industry. After the massive attack of several US companies by the NotPetya virus cyber attack in 2017, FedEx Corporation’s TNT division was significantly affected to the tune of some USD $300 million and lost market share to competitor DHL, competitive ground that it still has yet to make up two years later.
Protecting privacy through personal data protection is considered mandatory for effective and good governance at both the corporate and governmental level. This is why data protection laws exist in over 120 countries around the globe. In order to protect their citizens, many countries also have required corporations to enact stringent measures to ensure the data of their users or clients are only being collected with user or client consent and that such data, once collected, is securely store. Companies that do not take data protection seriously may find themselves on the receiving end of the USD $230 million fines that Airbus or Marriott International have had to pay for violating European data privacy regulations for data breaches.
Your company is not the only one at risk of a data security related incidents. Individual corporate executives are frequently the target of hackers or cybercriminals attempting to disrupt the operations of a particular target company through its senior executives. With the growing number of administrative sanctions imposed by jurisdictions throughout the globe, executives may sometimes be personally liable if their company or organization is not in compliance with the relevant data privacy regulations. Executives in some countries like China can even face jail time if their company breaches that particular jurisdiction’s data privacy laws and regulations. Even in the United States, the duty of loyalty that each corporate director owes to the company of which he or she is a director has been interpreted by some courts to create a personal legal duty to ensure that the corporate directors appropriate exercise oversight of a company’s data collection and privacy efforts. A failure to uphold this duty by a corporate director can result in personal liability in the event of a data breach or other failure to appropriately monitor or oversee appropriate data collection, protection and storage protocols, systems or controls. A company’s executives or directors may be violating the law or data privacy regulations without even realizing they are doing so. Data regulations vary all across the globe and their scope can differ from country to country. Therefore, you or your company could be violating a national law or regulation without even realizing that what you are doing violates a law or regulation.
Data protection regulations are often local or national while most multinational companies manage their data on a global level in unmaterialized ways (i.e. through the use of cloud storage or central servers that store data from many different countries or jurisdictions). The legal framework applicable in every country in which a company may have operations may be different or even conflict. This can create a nightmare for company executives tasked with trying to ensure that their data storage, collection and storage protocols are in compliance with all applicable data collection and storage protocols.
Moreover, executives are not always aware of the technology used in the day-to-day work performed by their employees in the ordinary course of business. Some technologies utilized by a business may even create conflict due their experimental status. For example, executives may have no idea how to apply a consumer’s right to access to data or how to comply with a national law or regulation allowing consumers to request the cancellation of one’s personal data when such data is encrypted in a blockchain format that cannot be changed or altered in any way.
Digital technology moves quickly, often more quickly than regulations or laws can move to keep up, but some jurisdictions are able to tailor their regulations and laws to keep pace with emerging technologies. If you are an executive and you want to be up to speed on digital technology, and in particular the rapidly evolving regulations or laws relating to same, then you need a resource to help you in this endeavor.
Datalaw is a resource that is dedicated to helping executives in a wide variety of industries to keep abreast of important developments and changes in the laws and regulations that apply to data collection, storage and dissemination. Our goal is to offer busy executives an essential resource to maintain their awareness of all issues related to privacy, data collection, and related topics in order to provide executives with the essential tools to deal with data privacy accordingly.
Datalaw aims at creating awareness of executives on legal issues related to data in every business lines.