New Regulations and the Next Steps

Principles of data privacy and cybersecurity converge when organizations exchange, transfer and process sensitive information. And, the more sensitive the data collected, including health-related data and biometric data, the more likely that an entity will need to comply with heightened regulatory requirements.

As if striking the balance between data privacy and cybersecurity were not enough, a cross-border data exchange is further complicated by the sometimes conflicting regulations between the US and international jurisdictions. The heightened regulatory environment within the European Union, with the forthcoming General Data Protection Regulation (GDPR), drastically changed the way businesses maintain and exchange data from within the EU. In addition to the EU, China and Australia have also enacted data protection regulations that will impact domestic data practices. This presentation will explore this intersection of converging domestic and international data obligations and its effect on creating efficient and secure data management practices that meet the needs of the business. Discussion will focus on how businesses can resolve potentially conflicting obligations in a reasonable and responsible manner.

Key takeaways

1. The US is increasingly becoming an outlier in data protection and cybersecurity frameworks. Companies needs to look beyond the US borders to understand new privacy-oriented trends.
2. Privacy and security are no longer a siloed business decision. With the GDPR and related regulations going into effect, all facets of a business need to be aware of privacy and security concerns.
3. Businesses need to take into consideration the international flow of data, the chain of custody of data, and the technologies impacted data in order to create a robust risk mitigation strategy.