Data Privacy: More Than Just 'The New Black

• Author: Daniel S. Wittenberg
• Pages: 26-27

Published in Litigation News Volume 45, Number 3, Spring 20 20. © 2020 by the Ameri can Bar Association. Re produced with per mission. All rights re served. This info rmation or any porti on thereof may not be c opied or disseminated in any

form or by any means or sto red in an electronic da tabase or retrieval sy stem without the ex press writt en consent of the Amer ican Bar Associatio n.

26 | SECTION OF LITIGATIO N

BUSINESS OF LAW

he data protection ma rket is projected to reach

$119.95 billion by 2022 at a compound annual

growth rate of 16 percent and inc rease to close

to $200 billion by 2026 . Since the rollout of the

General Data Prote ction Regulation (G DPR),

“privacy by design has made privac y as a profession one

of the fastest growi ng and hottest vert icals in and outside

of the legal job market,” accordi ng to Jared Cosegl ia, the

chief executive of cer of TRU Staf ng Partners in a rec ent

article. The G DPR had a massive impact, being perhaps

the largest reg ulatory action in pr ivacy to date. Its impact

will be felt for years . While U.S . law on data privacy is

notably different and lac ks federal cohesion, a busi ness’s

stance toward privacy ha s become essentia l to its survival.

As the collect ion, use, and tra nsfer of personal infor ma-

tion are of heightened conc ern, privacy is now a major dis-

cussion in boardro oms. Because th ere are now a bevy

of new and developing data di sclosure requirement s,

limitations on t he use and sale of private data , and

requirements on contr actual arra ngements (among oth-

ers), the need to understa nd, comply, and avoid potential

enforcement actions a nd violations is at an all- time high.

Media attention su rrounding data bre aches, cyberatt acks,

and unauthorize d sharing of person al information is f ur-

ther disquieti ng business and adding to the corporate

worry bucket.

A Vintage Year

2018 was a landmark year for comprehen sive consumer

data privacy legisl ation. In that year alone , the GDPR took

effect, Ca lifornia enac ted its Consumer Privac y Act of 2018

(CCPA), and Vermont passed the rst law i n the country

designed to regul ate data brokers, the companies that sell

personal information.

The GDPR took effec t on May 25, 2018. It extended

European Union ( EU) jurisdict ion beyond those countries.

It mandated that any g lobal business that sells to or has

EU customers is subjec t to the GDPR, regardless of where

that business is ba sed. The EU has long applied a more

wide-rangi ng data protection reg ulatory scheme. European

privacy regulation s have generally concerne d any entity’s

accumulation of la rge amounts of data. The GDPR regulate s

the processing of p ersonal data and lays out gu iding prin-

ciples that inform t he interpretation of how companies treat

the personal dat a of EU citizens , including those living in the

U.S. or purchasi ng U.S. products or services .

The CCPA was enacted i n June 2018 and became effec -

tive on January 1, 2020. It i s one of the broadest online

privacy laws in the Unite d States, affe cting companies

across the countr y that do business with Californ ia

residents. Rather t han disting uishing bet ween the sources

of data that come with in its scope, the CCPA regulates

all personal i nformation, which, by the statute’s terms ,

Data Privacy: More Than Just

“The New Black”

By Daniel S. Witte nberg, Litigation N ews Associate Editor

© Capuski / Get ty Images