Everything I Needed to Know about Privacy I Learned in Kindergarten?
By When I started practicing in the privacy and data security space years ago, my colleagues and I talked shop about the EU Data Protection Directive, sectoral laws like HIPAA and GLBA, and the early wave of data breach laws. As time passed, our conversations shifted to the Federal Trade Commission, Wyndham Hotels, poor LabMD, and the dawning realization that what was in a company’s privacy policy needed to be — well — accurate. Even then, we saw plenty of off-the-shelf privacy policies and related representations that tried, but did not line up with reality. And often, privacy lawyers were the lonely nerds in the room telling folks that maybe, just maybe, that document needed a bit more detail.
Fast forward to today: between the FTC’s steady stream of enforcement actions and the broader wave of privacy-related litigation and regulations, privacy lawyers know that what you say in a privacy policy — or should have said but didn’t — can come back to haunt you. (See this, for example.) At the IAPP global conference in March, we heard this repeatedly. As one speaker put it, if you say what you do and do what you say, you’re 80% of the way there. So, my big, not-so-earth-shattering takeaway from the IAPP this year is that accuracy matters, and digging into the details matters even more. We are no longer operating in the era of grace periods.
The good news for us is that in this data-driven world, privacy lawyers are needed more than ever. (And if your title is on the data security side of the house — I count you in this group. Data security is a critical part of protecting the privacy of information.) We also need each other — to think through novel issues, to argue over the finer points, and to find a reasonable compromise on conflicts that look unresolvable.
Speaking of collaboration, if you were at the IAPP, it was great seeing you at our informal NCBA meetup. I hope you enjoyed a chance to connect with your fellow privacy and data security colleagues from the Tar Heel State. And if you missed it, don’t worry — we’re planning another meetup in Raleigh in June. More details soon. Also, our Section’s annual meeting is May 21st. We’ll be voting for new council members. We hope you can join us.
Since my last article, your Section has been busy. In December, Vice Chair Shannon Ralich hosted a Fireside Chat with Jay Exum of Think BRG, guiding attendees through the patchwork of state comprehensive privacy laws. We’ve rolled out stickers for the Section. We have another What’sBlowingYourMind video.
Our Law Student Liaisons have been hard at work too. Kayla Jenkins at NCCU presented on April 17th at NCCU’s Science and Intellectual Property Law Review symposium. Sam Specht at Wake Forest organized a presentation by former Section Chair Steve Snyder, Senior Assistant General Counsel of AI and Digital Property Rights, Sourcing at Moodys Corporation for students on March 23rd. Kelly Villarin at Campbell welcomed guest speaker Maribeth Minella, Senior Counsel & DPO of Wheels Up Experience, Inc., to her data privacy class on March 30th. A big thank-you to these students for coordinating these events — and to the speakers for sharing their knowledge and experience.
Our Pro Bono Chair Sean Fernandes, together with our YLD Liaison Sheila Spence and YLD collaborators Alexandria Gwynn and Cherell M. Harris, launched a meaningful project educating high schoolers about bullying, cyberstalking and deepfakes, including their rights under the federal Take It Down Act. The “Think Before You Click” pro bono project held its first presentation on April 20th at the School for Creative Studies in Durham, reaching 150 students from 6th to 12th grade. I’m incredibly proud of our Section for taking on this important work. If you’re interested in presenting or you know a school that would like to have some speakers, please let us know.
I look forward to seeing many of you later this Spring.