VIDEOS: Privacy Thought Leaders on Data Localization, Breach Response, GDPR

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

Privacy thought leaders recently shared their insights with Bloomberg Law on a variety of compliance issues facing companies. They discussed laws that force data to be kept inside a country, consumer litigation filed in response to data breaches, cybersecurity incident response and mitigation, data security and privacy regulatory enforcement and litigation liability risks, and the European Union’s new privacy regime.

Attorneys sharing their expertise include:

Understanding Data Collected

Many of the attorneys advised that companies work to understand the types of data they collect.

Companies concerned about laws in Russia and elsewhere that require local data storage should first verify the types of data they collect and identify whether they store information in such countries, Mathews said.

Similarly, Belair said the first step to minimizing corporate privacy liability starts with understanding what data a company collects. Collecting, maintaining, using, and disseminating personally identifiable information is a “high risk business for all companies,” Belair said.

Seeking Security

Achieving “perfect” cybersecurity is almost an impossible task for a company, but having a culture of awareness of the risks is half the battle for companies doing business in the modern world, Cattanach said. The best thing companies can do is have an incident response plan and practice it through tabletop exercises, he said.

After a data breach or other security incident, companies may face regulatory enforcement and/or litigation, but there are ways to limit potential liability. At a minimum, companies should abide by their privacy and data security promises to minimize their exposure to potential class action privacy litigation, Ballon said.

In addition, some companies may have to prepare for the EU General Data Protection Regulation, Azim-Khan said. The GDPR, taking effect in May 2018, isn’t a purely European issue and will have global implications for businesses, he said.

To contact the reporter on this story: Jimmy H. Koo in Washington at

To contact the editor responsible for this story: Donald Aplin at

For More Information

The interview videos are available at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security