Legal and compliance teams at technology companies are under significant pressure to bolster their organizations’ compliance capabilities, refresh privacy programs, and identify and mitigate increased areas of risk brought on by changes to business processes, adoption of emerging technologies and business operational models. As scrutiny from internal stakeholders, regulators, legislatures, shareholders and customers intensifies, many business leaders recognize that building a comprehensive data privacy program can no longer be a back-burner initiative.
Recent news events have provided ample warning of the risk of doing nothing or too little. For example, on the regulatory front, the U.S. Federal Trade Commission is cracking down on alleged privacy violators. Among the recent actions, the agency banned a spyware maker and its chief executive officer from the surveillance industry, accusing them of secretly harvesting and sharing mobile data on people’s physical movements, phone use and online activities, and leaving the information exposed on the open internet.
The FTC’s actions are expected to get even more aggressive. President Biden’s latest FTC nominee, Alavaro Bedoya, a former top lawyer on the privacy subcommittee of the Senate Judiciary Committee, is a vocal critic of the technology industry’s privacy practices, including the use of digital technologies like facial recognition for surveillance. Bedoya’s appointment comes on the heels of various federal and state legislative efforts pushing for changes that may introduce U.S. privacy rules closely aligned with privacy standards that have been adopted in Europe and California. Virginia and Colorado have recently joined the state-led effort to enforce data privacy laws, while, on the federal level, the Biden administration is working with Congress on a proposed federal privacy law, while concurrently negotiating with the European Commission to enact a new version of the EU-U.S. Privacy Shield.
Meanwhile, consumers and users continue to file lawsuits against tech companies over alleged privacy violations. For example, this month a proposed class action lawsuit was filed against a sales training software company that has developed facial mapping technology. According to the complaint, the company collected facial scans of sales employees without providing statutory disclosures or obtaining their written consent. The plaintiff accuses the firm of violating Illinois’ Biometric Information Privacy Act and seeks millions of dollars in monetary damages.
Additionally, class action lawsuits against makers of voice assistant technology products are progressing in various U.S. federal courts. In two separate cases, federal judges have ruled that plaintiffs should be allowed to move forward with allegations that these voice-assistant technology products recorded their private conversations without their consent and in violation of the federal Wiretap Act and California’s privacy law.
While these allegations are yet to be proven in court and will likely take several years to adjudicate, they serve as a stark reminder of the growing pressures technology companies face to properly address privacy issues. A strong privacy program can help technology companies avoid:
- Major fines
- Loss of customers (and trust)
- Diminished investor confidence
- Decline in market share
- Damage to brand reputation
Now is the time for technology firms to take clear, concrete and proactive steps to enhance their data privacy standards. These steps should include:
- Conducting a data privacy risk assessment to identify weaknesses in data privacy compliance and protection efforts
- Establishing a baseline to capture the totality of the organization’s privacy commitments, including what they’ve promised customers and whether they are honoring those commitments
- Managing process and technology changes to ensure that data privacy is a strategic priority for the business and that a “culture of compliance” around data privacy is established; and
- Maintaining clearly verifiable and readily accessible documentation of data privacy plans and processes.
To learn more about actionable steps that can help your organization build or bolster its data privacy program, download this whitepaper.