Data Privacy is Still A Huge Concern For The legal Industry: 3 Reasons for Why It Is Proving More Challenging

Petro Krasnomovets
By Petro Krasnomovets,
21st February |
25

Data privacy proves to be a much larger concern to the M&As. GDPR, while noble in its goal, struggles when it comes to enforcement and execution. These and other factors are a telltale sign that the Legal Industry is still unprepared to face the ‘Brave New World’.

Cybersecurity has been a staple part of M&A deals for several years. The more recent changes to cyber law and information protection, on the other hand, have been a more recent addition, yet there’s no arguing that a data-related review is now a necessity. 

The value of data and data protection

A greater volume of deals is being impacted by data privacy policies. Moreover, the value of the data a company holds can rival its IPs or monetary assets. This brings a lot of questions regarding the process of regulation in terms of the company’s own policies as well as national or international law. 

Moreover, the way a company operates, stores, and processes its data has a likely impact on insurance coverage with security being at the head of the table during related negotiations. 

“The coverage that we would get from the insurer regarding compliance with data privacy laws, data breach [notification requirements], and security at large are key parts of that negotiation. Sometimes carriers will look to have different deductibles [and] caps and the scope of coverage can be negotiated – that’s a growing area of M&A,” – Eric Chow, senior counsel at Foley & Larder

A growing number of DSAR requests

People have the right to know which personal data a business they are interacting with is collecting. They execute this right via DSARs – requests that give information regarding how a business collects and stores the data. These requests also cover how companies are using the data they’ve accumulated. 

Obviously, the number of these requests is growing, yet businesses are still lagging behind when it comes to their ability to handle DSARs. Nearly two-thirds of tech executives have noticed a spike in DSAR request frequency, yet only 20% are confident in their organization’s ability to meet the demand, says the ISACA Evolving Privacy Landscape survey.  

A lack of a standardized approach to automation

Yes, automation of DSARs can, in theory, help companies address the rising challenges associated with such policies as the GDPR or the CCPA, there are no silver bullets capable of efficiently streamlining the process. 

Moreover, acts like the CCPA are quite complex and nuanced. They take a lot of factors into consideration. A company’s size, market, or customer base can make a huge difference. These nuances make a unified, centralized solution impossible. 

“CCPA is very nuanced. So there are a lot of nuanced requirements, exemptions, and applicability thresholds. As a result, there is really no ‘one-size-fits-all’ approach to compliance.” – Cassandra Gaedt-Sheckter, a data privacy attorney at Gibson, Dunn & Crutecher.