Baa, Baa, Data Breach: Keeping Executives Up at Night

A conversation with Bloomberg Law analysts Amanda Allen, Mark Smith, Dori Goldstein and Betsy Mountenay

Bloomberg Law Regulatory & Compliance Team Lead Amanda Allen and analysts Mark Smith, Dori Goldstein, and Betsy Mountenay discuss the need for implementing an agile framework that takes into account the ever-changing terrain of the privacy and data security landscape.

It seems like every company has major data and privacy vulnerabilities. Is a statement like that just scaremongering, or is it on target?

Smith: While some chief privacy officers may take issue with the qualifier “major,” I think all would agree that vulnerabilities abound. For confirmation, you needn’t look farther than the latest data breach headline.

Mountenay: I agree. And even for companies that have invested in a privacy and data security program, some may view it erroneously as nothing more than a box to be checked, thinking, “We’ve done that. We’re compliant, so we won’t be in the next headline.”

Allen: Yes, that’s dangerous thinking. Compliance is dynamic. It’s not a one-and-done sort of thing. As laws continue to evolve and cyberthreats continue to shift, a company’s privacy compliance efforts need constant reassessment and recalibration.

Do you think that companies are doing enough to look internally at their own employees’ data and privacy concerns?

Goldstein: I think that’s the elephant in the room. Oftentimes companies are focusing solely on customer data and customer relations, forgetting about the privacy and security implications of their own workers’ data. Given the sensitive information collected from and about employees, companies need to ensure the adoption of policies and procedures that comply not only with employment laws, but data security laws as well.

How are companies getting ahead of the data security obstacles in their strategic growth discussions?

Smith: Smart companies are taking a holistic approach to privacy compliance, no longer looking at it as just a legal issue or an IT issue. They are building teams with members from diverse business units to identify vulnerabilities and mitigate risks across the entire organization.

Mountenay: And to a certain extent, they’re looking to develop and streamline strategies that satisfy—or strive to satisfy—the varying requirements of different laws and jurisdictional requirements. Not an easy task, for sure, but documentation of those strategies is key.
