Emerging Patchwork of Data Privacy Regulations Raises Corporate Compliance Concerns panel

Emerging Patchwork of Data Privacy Regulations Raises Corporate Compliance Concerns

When the California Consumer Privacy Act goes into effect on January 1, it will be the first major piece of American data privacy legislation – but it will likely not be the last. While 22 states currently have some form of data privacy law, many more will soon follow or be updated, if the growing call for regulation of data from nearly 20 billion internet-capable devices currently in use is any indication.

Though legislation from individual states creates layers of protection for constituents, it creates a host of compliance issues in the business landscape – namely, that the individual states’ laws will necessarily have different requirements and demand time and resources to satisfy each of them separately.

“A lot of companies want to build [legislation] on a national basis,” said Bruce Teichner, senior vice president and managing counsel at Wells Fargo, in a panel about the emerging data privacy patchwork at the Bloomberg Law Leadership Forum, held on Sept. 18, 2019, in Washington, D.C. “What is the standard that you are going to apply to the other 49 states? What exactly are you doing and what is the fallback when there are claims and issues in these other 49 states?”

Jo Ann Davaris, global chief privacy officer of Mercer, pointed to the open letter signed by 51 CEOs of major U.S. corporations in September 2019 that called for federal data privacy legislation that preempts individual state laws. That letter, which was signed by the likes of Jeff Bezos of Amazon and Jamie Dimon of JPMorgan Chase, addressed the need for corporate standards but also what they saw as reasonable protections for consumers.

“I know that when corporations speak up on the pro side of privacy, it’s sometimes not with a credibility behind it. Sometimes those that are speaking for privacy have gotten in trouble with the FTC or other enforcement agencies,” Davaris said in the same panel talk.

Emerging Patchwork of Data Privacy Regulations Raises Corporate Compliance Concerns panel

To her, this letter indicates that everybody is feeling the same pressure to anticipate forthcoming standards and devise ways to comply with rules that don’t yet exist. “We need to band together to have that be heard, that it’s important that bipartisanship aside, there has to be something that can be agreed on together,” Davaris said. “That is better than nothing, or the patchwork that’s coming.”


“From an industry perspective, it’s always great to see that this is becoming a more and more validated area, and things that we have asked for change in [are actually changing],” added Jennifer Couture, chief privacy officer and privacy legal counsel at Alexion Pharmaceuticals. “But at the same time we … keep feeling the financial impact of that.”

Emerging Patchwork of Data Privacy Regulations Raises Corporate Compliance Concerns panel

For its part, the Federal Trade Commission has been very vocal about asking Congress to give it rule-making authority and civil penalty authority in the area of privacy and data security.

Kristin Cohen, chief of staff for the Division of Privacy and Identity Protection for the FTC, spoke on the panel about the challenges her agency faces without civil penalties in addition to potential disgorgement or redress.

“Being able to tie a particular breach or a particular privacy practice to a consumer’s injury is often very challenging, so in order to really be able to provide deterrents and get companies to really be paying attention to this, we need civil penalty authority,” Cohen said.

Related Content:

Rep. Greg Walden Pushes for Federal Data Privacy Bill

The ranking member of the House Energy and Commerce Committee emphasized the need to protect the innovative spirit at the core of internet and tech companies that would be most impacted by such a law.


Privacy Rules Are Key to Building Trust

After a series of high-profile data breaches at major companies such as Facebook and Capital One, organizations are overhauling privacy policies while working to regain consumers’ trust.

Data Breach: Keeping Executives Up at Night

Bloomberg Law’s Regulatory & Compliance team discusses the need for implementing an agile framework that takes into account the ever-changing terrain of the privacy and data security landscape.

Health Data Privacy Compliance Poses Unique Issues

As director of privacy and counsel to PPD, Corey Dennis has been closely involved with the compliance tied to the company’s integrated drug development and life cycle management services.