We're celebrating 10 Days of Membership! Today's Gift: $20 off your professional membership with promo 10DAYS20OFF
Training, policies and tools to help HR prevent and respond to harassment claims.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Develop your HR competencies and knowledge in-person in 12 U.S. cities or virtually.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
A client recently asked me to identify the next wave of data privacy litigation. I said that with so much attention on lawsuits arising from data breaches, particularly in light of some recent successes for the plaintiffs in those lawsuits, the way in which companies collect information and disclose what they are collecting is flying under the radar. This “failure to match” what is actually being collected with what companies are saying they’re collecting and doing with that information could lead to the next wave of data privacy class-action litigation.
Regulators Are Active
What sort of civil class-action liability could companies face for failure to match?
How Can Companies Minimize this Risk?
To minimize the risks, companies should begin by evaluating whether their privacy policies match their collection, use and sharing practices. This process starts with the formation of a task force under the direction of counsel that is comprised of representatives from legal, compliance, IT and marketing and that is dedicated to identifying:
This requires a really deep dive, perhaps even an independent forensic analysis, to ensure that the company’s statements about what information is being collected are correct. It’s important that the “tech guys” responsible for developing the app/ website understand the significance of full disclosure. Companies should also ask, “Do we really need everything we’re collecting?” If not, why are you taking on the additional risk? Also remember that this is not a static process. Companies should regularly evaluate their privacy policies and monitor the information they collect. A system must be in place to quickly identify when these collection, use, and sharing practices change, so the policies can be updated promptly where necessary.
Al Saikali is a partner and co-chair of Shook Hardy & Bacon’s Data Security and Data Privacy Practice Group, based in Miami.
Republished with permission. © 2013 Shook Hardy & Bacon. All rights reserved
SHRM Online Safety & Security page
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Refer a Friend to SHRM
SHRM’s HR Vendor Directory contains over 3,200 companies