Powered by recent privacy laws, lawsuits for wrongful data collection have been rapidly increasing. The result is a growing body of caselaw, many unanswered questions, and a new landscape for companies to navigate.
I recently had the opportunity to discuss the expanding number of wrongful collection lawsuits with several experts at Beazley. Based in Denver, Katherine Heaton is the Focus Group Leader for Cyber Services and InfoSec at Beazley. Amanda Thai is a Cyber TPL Specialist in Beazley’s New York office.
This cartoon involves a common phishing scam – the inheritance email. For decades, phishers have been sending out the same email scams. One would think that after a while, people would learn about the common scams, and they wouldn’t work anymore. Unfortunately, people keep falling for the same scams over and over again. Even a very low response rate still works for hackers because they send out their email messages so widely.
If you couldn’t make it to my webinar to discuss privacy and innovation, you can watch the replay here. David Keating (Alston & Bird), Ashley Massengale (Porsche) and Nameir Abbas (Okta), and I discussed practical approaches and tips for assessments of new technologies under privacy regulatory standards.
If you couldn’t make my webinar to discuss cross-border data transfers, you can watch the replay here. Justin Antonipillai of Wirewheel, Josh Harris of BBB National Programs and I discussed the new framework between the US and the EU for cross-border data transfers as well as the CBPRs. We also discussed steps that companies should take today and what to expect in the future.
I was invited by Shepherd to list my recommendations for the 5 best books about privacy. Shepherd is a site that posts lists of best books recommended by experts about various topics. It has excellent lists.
I was delighted to have the chance to share my admiration for superb books by Woodrow Hartzog, Danielle Citron, Neil Richards, Anita Allen, and Ari Waldman. There are many other excellent books about privacy, but I was asked to list just 5, so I had to exclude many other very worthy works.
The Law’s Obsessive and Unproductive Focus on Data Breaches
“Too much of the current law of data security places the breach at the center of everything. Turning data security law into the “law of breaches” has the effect of over-emphasizing the conduct of the breached entities while ignoring the other actors and factors that contributed to the breach.” (p. 11)
“Data security law has an unhealthy obsession with data breaches. This obsession has, ironically, been the primary reason why the law has failed to stop the deluge of data breaches. The more obsessed with breaches the law has become, the more the law has failed to deal with them.” (p. 39)
“Breaches are already very costly and painful, so when regulators come along and add a little more to the pain, it often is not a game changer. This is especially true because the penalties are often far smaller than the overall costs of the breach.” (p. 55)
Data Security Is a Delicate Balance
“Current data security rules fail to address risk effectively. In many circumstances, the law penalizes breaches with little regard to considerations of risk and balance. Other times, the law levies no penalty against organizations even though their actions created enormous unwarranted risks.” (p. 12)
Here is a recording of my interview with Jodi & Justin Daniels of Red Clover Advisors with their series, She Said Privacy/He Said Security,
In this interview I discuss how to educate your team on data privacy and security. I also reveal how to lead engaging training sessions on privacy laws, the different types of privacy laws that employees should be aware of, and tips and tricks on personal security and privacy.
Here is the recording of my debate with Prof. Jane Bambauer. We discussed state privacy laws and the pros and cons of the Uniform Law Commissions model privacy law, the Uniform Personal Data Protection Act (UPDPA).