5 biggest privacy challenges companies will face in 2021
While many companies may feel confident in their handling of CCPA, there are still a variety of privacy-related challenges on the horizon.
Many corporate legal departments have likely become intimately acquainted with the ins and outs of the California Consumer Privacy Act (CCPA) over the course of the last year. But there are still plenty of non-CCPA-related privacy issues on the horizon to keep legal teams hustling throughout 2021.
For starters, legal departments looking to bring more privacy work in-house will likely have to contend with a shortage of available—or qualified—talent on the market. At the same time, they may also have to track the growing number of cases being brought forth under the EU’s ePrivacy Directive, which could have serious implications for how their parent organization approaches its marketing activity.
Related: Contact tracing apps and consumer privacy: What employers should know
But perhaps most seismic of all could be the emergence of a fertile legislative environment for a new federal privacy law. Here are the five biggest privacy challenges that companies will face headed into 2021.
1. Federal privacy regulations
While the prospect of a national privacy law in the United States has often seemed vague and somewhat uncertain, recent shifts in the political landscape may get the ball rolling in that direction sooner than businesses anticipated. Tomu Johnson, of counsel at Parsons Behle & Latimer, believes that Democrats gaining control of the White House, the House of Representatives and now the Senate could be a game changer for privacy.
“In the U.S. I could see real momentum this year for a privacy law that gets passed by all three branches of the government and finally creating a good baseline floor for privacy in the U.S,” he said.
2. The EU’s ePrivacy directive
It’s possible that legal departments could also find themselves tangling with the EU’s ePrivacy Directive more frequently in 2021. The law, which governs direct electronic marketing messages, cookies and other tracking technologies, may be of particular concern to businesses who frequently rely on aggregating and analyzing consumer data to guide their advertising strategies.
“There’s been an uptick in court cases in Europe dealing with the ePrivacy Directive and fining companies for failing to comply with the ePrivacy Directive … It really runs antithetical to the way American business runs marketing campaigns here in the U.S. are really globally” Johnson at Parsons Behle said.
3. Cyber vulnerabilities
Businesses may also find themselves doubling back to address any residual data protection risks posed by the rapid transition to a remote working culture made during 2020. Mike Russell, senior manager and head of global legal operations at Expedia Group, expects that companies will have to pay attention to infrastructure problems such as keeping up with latest software patches to mitigate breach vulnerabilities.
He stressed the importance of ongoing communication between the legal department and a company’s chief privacy or security officers. “I think that that role has be leveled up even more, if it hasn’t been already,” Russell said.
4. Vendor management
In addition to their own internal cybersecurity posture, legal departments may also have to worry about vendors entrusted to handle sensitive matters or data. In 2016, for instance, 11.5 million documents were stolen from Panama offshore firm Mossack Fonseca that allegedly revealed evidence of tax evasion and money laundering on the part of wealth clients.
“Law firms are protecting all of this information and they are not secure themselves, if they have not engaged or gotten a competent privacy professional to consult in their organization, then they are very much at risk,” Russell at Expedia Group said.
5. Staffing shortages
One problem that corporate legal departments and law firms alike may share headed into 2021 is the relative dearth of qualified privacy professionals on the market. Rita Heimes, general counsel and chief privacy officer for the International Association of Privacy Professionals, noted that there simply aren’t too many associates with three to five years of experience in the field just yet.
For corporate legal departments, this could place a greater impetus—and burden—upon on-the -job-training. “You have to become a teacher. You have to set aside time to find other people within your company who are open minded, interested [or] willing to learn something new and recruit them onto your team. I think in a pinch you always have to look in-house first and see who you can poach from another group,” Heimes said.
Read more: