Companies face privacy and data security challenges

Technology is engrained in every aspect of our business and personal lives. Society can hardly move fast enough to adopt today's technologies before tomorrow's arrive in our workplaces, homes, cars, and palms of our hands. Along with such tremendous new developments come significant new legal risks.

As people increasingly live their lives on the Internet and broadband, businesses naturally collect vast amounts of data that is valuable to them, and also considered private by customers, employees, investors, suppliers, etc. Businesses are struggling to keep pace with the privacy and security challenges that arise as a result.

Companies should approach privacy issues proactively, starting with information use policies and procedures tailored to the particular business, and designed to avoid internal problems and costly lawsuits. Success requires a merger of legal and technical expertise to address the myriad of issues that arise on a daily basis – particularly with social media (Facebook, Twitter, LinkedIn, YouTube, etc.), email, webmail (Gmail, Yahoo!, etc.), handhelds (iPhones, iPads, Droids, Blackberries, etc.), surveillance, background checks, laptops, and the many other technologies in use. Training of managers and employees about appropriate data use and privacy also is critical for success.

In addition to privacy concerns, it is a fact of life now that companies must take adequate precautions to protect the security of the personal information they collect. Companies involved in health care (regulated by HIPAA), banking or financial services (Gramm-Leach-Bliley), education (FERPA), and credit services (FACTA and Red Flag Rules) have been subject to rigorous standards for some time. However, every business must now comply with laws and regulations enacted by the states – and coming soon at the federal level for businesses nationwide – particularly if the company employs or does business with Massachusetts residents.

Companies will need to draw on a depth of subject matter knowledge and industry experience to become data security compliant. And, even a careful company can have a data security scare or breach. A prompt, levelheaded, and meticulous response to such a situation is imperative to avoid or control litigation, and the potentially disastrous public relations and business consequences of a breach.

The Internet revolution presents both exciting advancements and significant privacy and data security issues. Companies need to address these challenges proactively before they become difficult and costly legal problems.

Cameron Shilling leads the Privacy and Data Security Group at the McLane Law Firm and serves as the editor of the firm's Privacy and Data Security blog. He can be reached at 603-628-1351 or

Categories: Legal Advice