What We Know Now – Lessons from 2019 to Better Manage Data Privacy in 2020

Over the last year, technology innovations in the automotive industry continued to be a boon for both drivers and manufacturers alike. However, with big gains in technology come big data, and 2019 delivered the next big wave of data privacy and security laws to regulate it. As these laws and consumer expectations continue to evolve, industry executives should keep the following best practices top-of-mind.

1. Navigating and Understanding Applicable Law

The number of new privacy laws and their varying scope makes compliance particularly challenging for companies with diverse or widespread operations. Implementing and fostering a strong unified privacy and security program can help navigate this web of regulation, creating a strong foundation that can provide consumers the security they demand – while still maintaining the flexibility needed to adapt to particular jurisdictions and regulations.

2. Third-Party Risk Management

Companies should incorporate data privacy and security review into their due diligence when engaging with vendors or other third parties, especially those that deal with consumers’ personal information. For instance: Are third parties’ data privacy and security practices aligned with your company’s? Are they compliant with relevant compliance standards? Is your company transparent with consumers about third party relationships?

3. Forecasting Operational and Business Requirements

In adding additional protections and control for consumers, privacy laws create operational and technological burdens on companies. For example, notice and request for information requirements may require additional employees and training, and companies’ systems and technical practices may need to be updated to implement and support required protections like data anonymization and aggregation. Companies should stay up to date on emerging privacy and security issues, as well as technological innovations – and prepare their operations accordingly.

4. Consumer Expectations and Securing Consumer Trust

As consumers become more aware of data privacy, companies should not only make these issues a priority – but make that priority obvious to consumers. It’s crucial that companies be transparent about their privacy policies and practices, and engage with consumers’ questions or concerns.

5. Remember that Cybersecurity ≠ Compliance

While compliance with data privacy regulation is necessary, it may not always be sufficient to merely protect data. Third parties may continue to pose cybersecurity risks, and while compliance with notice and opt-out/ opt-in requirements implemented by privacy laws may give consumers more control over and information about authorized uses or disclosures of their data, it does not protect them from unauthorized uses or disclosures. Companies should continue to work to implement security measures and practices that provide the best cybersecurity, including eliminating vulnerability early at the design stage and continuously monitoring for new or inevitable security threats.

This set of best practices can help your company lead the pack in this evolving area. For more detail on these and other key issues facing the auto industry, check out Foley’s white paper on the “Top Legal Issues Facing the Automotive Industry in 2020.”

Disclaimer

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.