Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Privacy Is Top Priority But Spending Will Decrease, Survey Says
Corporations may be crossing their collective fingers as the California Consumer Privacy Act's (CCPA) July 1, 2020, enforcement deadline continues to inch closer. Exterro's Annual Study of Legal Spend Management was released last month in conjunction with the Blickstein Group and Corporate Counsel Business Journal, and the results indicate that organizations may not be putting their money where their mouths are when it comes to privacy compliance goals.
Responses were collected from 52 corporate legal department employees working across a variety of industries. Among those respondents, 71% indicated that providing defensibility and complying with new privacy laws such as the CCPA would be a top priority for their department in 2020.
However, 65% of respondents also indicated that they believe legal spend geared towards compliance with new privacy laws will decrease in 2020. For example, just over 50% of respondents indicated that they would be spending less than $0.5 million on compliance with privacy laws, compared to the slightly more than 40% who said the same in 2019.
So if companies are making privacy compliance a top priority this year, why doesn't the spend reflect that goal? "A lot of organizations — which I think could be detrimental for their risk mitigation efforts — are taking a wait-and-see approach with the CCPA," said Michael Hamilton, senior managing director of marketing at Exterro.
Organizations may be banking on regulatory authorities not being ready enforce certain aspects of the CCPA straight away. Hamilton noted that this echoes the approach that some organizations also took to the General Data Protection Regulation (GDPR) and its tenants around the right to know and right of access.
Similar provisions are found in the CCPA and allow customers to see and obtain copies of any information a company has collected about them. Putting the necessary infrastructure in place to satisfy those data subject access requests can be pricey for a corporation, though regulators may already be finding the requirement difficult to enforce.
"What we've seen with the GDPR so far is that it's been hard for the EU Commission to really enforce the GDPR at a detailed level, meaning that they are not really able to monitor all of these different requests for personal data and deleting that personal data and anonymizing that personal data," Hamilton said.
But aside from the "wait-and-see" approach, it's possible that businesses are just allocating their privacy-related spend under a different heading. The Legal Spend Management survey, for example, shows that the majority of respondents (51%) believe the most risk for increased costs comes from litigation.
"I think that continues to be the highest amount of risk — the highest amount of risk associated with spend — based on increased litigation from the data privacy laws," Hamilton said. As for the 7% of respondents who rated the specified privacy category as being of the most risk for increased costs, Hamilton believes that refers to creating a defensible process for compliance.
Survey respondents were also asked to rate such privacy initiatives by importance using a scale of 1 (least important) to 5 (most important). Creating an online portal for individuals to request data rated at the top with a 4.5, followed by building an automated data subject access request process at 2.8. Repurposing e-discovery technology to identify, collect and review data subject access requests placed last with a 2.4 rating.
Hamilton thinks that companies could be in trouble come the July CCPA compliance date if they don't have efficient and defensible processes for managing the intake of data subject access requests. "Organizations are, I think, unfortunately going to be getting a wake-up call," he said.
*****
Frank Ready is a reporter on the tech desk at ALM Media. He can be reached at [email protected].
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
How Secure Is the AI System Your Law Firm Is Using?
In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.
COVID-19 and Lease Negotiations: Early Termination Provisions
During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.
Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support
The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.
The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.
Authentic Communications Today Increase Success for Value-Driven Clients
As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.