For Helen Doukas, General Counsel at LawVu, data is an uncut gem. With the right analysis and application, it can become the jewel of insight atop an organization’s crown. Without, it will remain full of latent potential but only useful as a paperweight.
Data is omnipresent in our lives. Defining, informing, and measuring nearly every action we take. International Data Corporation (IDC) predicts that by 2025, the world will produce an incredible 175 zettabytes of data. To put that in context, one zettabyte is equivalent to one trillion gigabytes, with each gigabyte comprising of one thousand megabytes, roughly 33 songs or one TV show, depending on the quality.
There's no escaping the impact of data on business and the law. Data is a prized asset that is spurring legislative change. And although Helen Doukas refers to the law as "a slow-moving beast", rapid technological advancements coupled with globalization and tightening regulations, have figuratively lit a fire under the law's derrière in recent years. The fields of data privacy, regulation, cybersecurity, and risk are ever-expanding, giving both in-house counsel and private practice lawyers a whole new raft of work.
There once was a time when data laws and regulations were relatively loose: the age of the digital curtain - a veil that hid industry data consumption practices from legislators and the general public - was a wild west where fortunes were made. The aptly named digital curtain enabled data to be seen as company property, even though it was created through individual behaviors. In fact, the use of personal data from electronic transaction trails and other sources built the foundation of some of today's most lucrative businesses. Think Meta (once Facebook), Google, Amazon, and Spotify.
The digital veil was pulled farther and farther aside with each scandal and high-profile misuse of data, until the veil was lifted and the true value of data and its many uses were revealed. It forced the hand of regulators, producers and market forces globally and tightened the reins on data ownership. The gold rush slowed, and the unregulated wild west became a more regulated and safer market.
Doukas believes data privacy is at the forefront of the minds of most legal leaders, due mainly to the complexity, risk, and opportunity it presents.
While this regulation was clearly necessary, the burgeoning web of regulatory frameworks presents new challenges for in-house lawyers. "Technology has forced the law to refresh and solve new problems, not only because more data has been collected than ever before in history, but the systems needed to protect it have become increasingly complex," says Doukas.
The consequence is that it is more important than ever for businesses to invest in cybersecurity and adhere to data privacy frameworks. The European Union implemented the General Data Protection Regulation (GDPR) in May 2018, its aim to give individuals control over their data and simplify the regulatory environment for international business. Compliance standards such as SOC 2, HIPAA, and ISO 27001 also provide frameworks to regulate the collection and use of customer data.
Doukas says if businesses choose not to follow these standards, they are doing themselves a disservice. "You are just reducing yourself to an increasingly small pool of customers with lower security requirements."
These new regulations not only add layers of protection, but also highlight risks to businesses. As Doukas points out, "an organization's entire business model can be built around data, as such their entire reputation is built around data." A company that suffers a significant breach whether culpable or not, is presumed to have been reckless with the data of those affected, which can result in reputational damage which may have lasting detrimental impacts on that company. "Some businesses may never fully recover from a data breach in today's cancel culture," says Doukas.
Cybersecurity is fast becoming one of the most critical aspects of an in-house counsel’s role, one which extends further than any of their other responsibilities, requiring they protect not only their company's data, but also the data of their customers as well. And with dire consequences for a breach or leak.
Much of the value of data is tied to how businesses interact with it - from gathering, to storage, to management and analysis - all crucial to turning it from zeroes and ones to gems.
Customer consent is vital to this process, and imperative if you want it to be done so legally, which means fostering and maintaining customer relationships is more important than ever before for businesses.
Data must be collected with consent and explanations given to customers about what is being collected and how it is used. Harvard Business Review states: "The more robust and thorough your consent practices are, the more valuable your customer database becomes."
Looking to the future of data and privacy laws, Doukas is fascinated by the nexus of national regulations and international business. "One of the challenges with having a nationalistic approach to data is that it complicates and slows down global deal making," she says.
The increase in regulatory hurdles will no doubt be a challenge, but they are a fair price to pay for the potential value of data. And counsel will meet them head on to ensure both their company and its customers are protected.