McGuireWoods partners Steve Gold and Janet Peyton reviewed important U.S. trends and developments in a chapter of the Chambers Data Protection & Cyber Security 2019 Guide, which provides legal commentary on key global issues affecting businesses.
Gold represents clients in technology and outsourcing transactions, and Peyton assists clients with all aspects of data privacy law, including risk mitigation and compliance in the aftermath of a data breach. In their summary for the Chambers practice guide, they covered developments in areas such as biometrics, blockchain technology, malware threats, U.S.-EU cross-border data transfers, and U.S. data breach notification laws.
The authors noted that regulation of cross-border transfers changed dramatically with implementation of the EU’s General Data Protection Regulation (GDPR) in May. Many American companies will have a difficult time complying, they warned, because the GDPR requires “a level of discipline in data mapping, processing and transfer that is quite foreign to most US companies.” The penalties imposed for noncompliance will put pressure on EU companies to demand that American affiliates and counterparties bring themselves into compliance, they explained. Those who are able to meet the new standard “will be in a very advantageous market position,” Gold and Peyton wrote.
They further warned that myriad state laws with different data breach notification requirements also pose challenges for U.S. businesses: “Companies are well served by engaging experienced data breach counsel to analyse state breach notification requirements, and experienced vendors to assist with sending notices, offering credit monitoring and identity repair services, and providing telephone support for data subjects.”
Gold, who practices in the firm’s Chicago office, and Peyton, who is based in Richmond, also warned that constantly evolving malware threats to computer safety and new technology require updated focus on the contractual protections commonly used to mitigate these risks.