Hogan Lovells privacy leader Chris Wolf has authored an article in Inside Counsel magazine, a journal providing insights for law department leaders. The piece is entitled "The Risks of Neglecting Privacy" and explains how privacy concerns likely will result in a stricter legal and regulatory framework, meaning that companies should act now to bolster consumer protection.
[N]ew and challenging privacy issues have arisen with the advance of technology, including online tracking of our Internet activities, online financial transactions, geolocation tracking of our mobile devices, new ways for information to be collected about our kids, social media sharing, the collection, sharing and retention of sensitive medical information, facial recognition, cloud computing, mobile app collection of data, the Smart Grid and, of course, data breaches. Privacy has become front-page news, as the continuing Wall Street Journal series “What They Know” demonstrates. And while no new major legislation has come out of Capitol Hill, shine-the-light hearings on the privacy practices of various companies have been frequent in the House and Senate.
It would be a mistake for any business to assume that the demand for greater privacy protections will subside, even if a new federal law is unlikely. Recent FTC enforcements under Section 5 of the FTC Act show the agency to be significantly more aggressive in the privacy arena. Privacy practices that deviate from stated policies or that are fundamentally unfair are subject to investigation and enforcement actions, regardless of a company’s intent. At the Department of Health and Human Services, enforcement of health privacy rights is a new priority. The National Association of Attorneys General has made privacy its major focus for the coming year. Civil actions that so far have been thwarted by the absence of financial harm sufficient to support standing to sue or to fulfill the elements of statutory or common law claims are being allowed to proceed under novel theories of harm and liability. Moreover, companies are seeing reputational harm in the marketplace from the glare of publicity when privacy or data security missteps occur.
It would be folly for a company to treat privacy in a business as a usual manner, because change is occurring in the U.S. privacy framework. The increased regulatory enforcement is one reflection. In addition, Americans are more aware and concerned about privacy than ever. Pressure is coming from the European Union (with its stricter privacy laws) and countries that follow the EU’s lead.