Steve Gold and
Janet Peyton reviewed important U.S. trends and developments in a
of the Chambers Data Protection & Cyber Security 2019 Guide,
which provides legal commentary on key global issues affecting businesses.
Gold represents clients in technology and outsourcing transactions, and
Peyton assists clients with all aspects of data privacy law, including risk
mitigation and compliance in the aftermath of a data breach. In their
for the Chambers practice guide, they covered developments in areas such as
biometrics, blockchain technology, malware threats, U.S.-EU cross-border
data transfers, and U.S. data breach notification laws.
The authors noted that regulation of cross-border transfers changed
dramatically with implementation of the EU’s General Data Protection
Regulation (GDPR) in May. Many American companies will have a difficult
time complying, they warned, because the GDPR requires “a level of
discipline in data mapping, processing and transfer that is quite foreign
to most US companies.” The penalties imposed for noncompliance will put
pressure on EU companies to demand that American affiliates and
counterparties bring themselves into compliance, they explained. Those who
are able to meet the new standard “will be in a very advantageous market
position,” Gold and Peyton wrote.
They further warned that myriad state laws with different data breach
notification requirements also pose challenges for U.S. businesses:
“Companies are well served by engaging experienced data breach counsel to
analyse state breach notification requirements, and experienced vendors to
assist with sending notices, offering credit monitoring and identity repair
services, and providing telephone support for data subjects.”
Gold, who practices in the firm’s Chicago office, and Peyton, who is based
in Richmond, also warned that constantly evolving malware threats to
computer safety and new technology require updated focus on the contractual
protections commonly used to mitigate these risks.