Technology is engrained in every aspect of our business and personal lives. Society can hardly move fast enough to adopt today's technologies before tomorrow's arrive in our workplaces, homes, cars, and palms of our hands. Along with such tremendous new developments come significant new legal risks.
As people increasingly live their lives on the Internet and broadband, businesses naturally collect vast amounts of data that is valuable to them, and also considered private by customers, employees, investors, suppliers, etc. Businesses and the law are struggling to keep pace with the privacy and security challenges that arise as a result.
Companies should approach privacy issues proactively, starting with information use policies and procedures tailored to the particular business, and designed to avoid internal problems and costly lawsuits. Success requires a merger of legal and technical expertise to address the myriad issues that arise on a daily basis – particularly with social media (Facebook, Twitter, Linked-In, YouTube, etc.), email, webmail (Gmail, Yahoo!, etc.), handhelds (iPhones, iPads, Droids, Blackberries, etc.), surveillance, background checks, laptops, and the many other technologies in use. Training of managers and employees about appropriate data use and privacy also is critical for success.
In addition to privacy concerns, it is a fact of life now that companies must take adequate precautions to protect the security of the personal information they collect. Companies involved in health care (regulated by HIPAA), banking or financial services (Gramm-Leach-Bliley), education (FERPA), and credit services (FACTA and Red Flag Rules) have been subject to rigorous standards for some time. However, every business must now comply with laws and regulations enacted by the states (and coming soon at the federal level for all businesses), particularly if the company employs or does business with Massachusetts residents.
Companies will need to draw on a depth of subject matter knowledge and industry experience to become data security compliant. And, even a carefully company can have a data security scare or breach. A prompt, level headed, and meticulous response to such a situation is imperative to avoid or control litigation, and the other potentially disastrous public relations and business consequences of a breach.
The Internet revolution presents both exciting advancements and significant privacy and data security issues. Companies need to address the challenges proactively before they become difficult and costly legal problems.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
