This content was paid for by a sponsor. The LAist news team was not involved in its creation. Learn more about LAist's editorial guidelines.
Privacy used to be limited to what happened behind closed doors. That is no longer the case. Privacy has exploded, in California and across the country, causing companies to scramble just to keep up. We talked to Matt Pearson, privacy litigation partner in BakerHostetler’s Orange County office, to learn more about why privacy has become such an issue now and what companies should be doing to address it.
Question: Everywhere we look, we are reminded of the intersection of privacy and business, whether in a company’s privacy policy or in those little banners that pop up on websites. Why the recent surge?
Pearson: There are really three reasons for it. First, people have come to realize that the internet is not anonymous. Second, people are learning more and more every day how their information can be and is being leveraged. And third, states are taking it upon themselves to enact laws intended to protect their residents’ privacy.
The unintended result of those three things is a patchwork of state privacy laws, confusing and often conflicting interpretations of those laws, and fertile ground for consumer class actions and regulatory investigations. Truthfully, the speed at which these laws are being enacted and amended is putting companies in very uncomfortable situations, especially given how costly one mistake could be.
Q: You mentioned the costs being borne by companies. What are those costs?
A: It really just depends. Obviously, not all data is the same, and not all uses of that data are the same. Making sure a company is privacy compliant does require some investment, but that investment pales in comparison to the cost of a regulatory investigation or consumer class action. Companies are far better off investing in their compliance now than they are defending their actions later.
Q: What would you recommend companies do to avoid some of these costs in the future?
A: I think we have to change how we view privacy compliance. In the past, companies might have updated their privacy policies once every couple of years or when something changed drastically. Doing that now is a recipe for disaster. Privacy compliance is no longer a “check the box” kind of thing. Companies need to be proactive about it. There should be, at a minimum, quarterly audits. Policies should be continuously updated. Websites should be periodically cleaned up. You’d be amazed how many companies find themselves in trouble for using something on their website that they either no longer use or didn’t know they were using in the first place. I see this often with specific marketing campaigns—the campaign has run its course, but the java script that companies were running to track the campaign’s success remains on the website. Similarly, companies will often fixate on the data they can gather from their website users without stopping to think whether they should be gathering it in the first place. There is a lot of low-hanging fruit that can be addressed immediately, which can significantly reduce future exposure for companies.
Q: This seems like a lot for companies to keep track of. Is there a resource you would recommend to keep companies abreast of privacy laws and trends?
A: This is a shameless plug, but if you’re in the area, come check out our privacy lunch-and-learn presentations. We try to go over all the trends in privacy litigation and how best to avoid being dragged into a lawsuit. We also talk about best practices and the pitfalls we have seen through our practice. Oh, and there’s lunch. If you’re interested, send an email to: mpearson@bakerlaw.com.