Earlier this week I had the good fortune of leaving the remnants of Chiberia for sunny Miami to spend time learning from some of the best and brightest in the data privacy space at the annual Privacy Law Salon Roundtable Event.
This was my second time attending this fantastic event, Microsoft served as a proud sponsor and since Artificial Intelligence (AI) is such a hot topic in the data privacy law arena, we were also provided the opportunity to distribute copies of Microsoft’s book entitled The Future Computed: Artificial Intelligence and its role in society.
While I learned so much at the Roundtable and had a terrific opportunity to network with many data privacy leaders, here were my primary takeaways: (1) the Roundtable provides a great “blueprint” for the legal and compliance community on how to produce an outstanding and high-impact event; and (2) as we are well into The Fourth Industrial Revolution that has resulted in leading technologies generating massive amounts of data that can help us achieve more but which needs to be properly used and protected, data privacy considerations needs to be top of mind for all in-house counsel.
Over the past several years I have attended my share of legal and compliance industry events, seminars, continuing legal educations, etc… Some have been excellent, some have been good, some have been mediocore and some have been a waste of my time. In my opinion the Roundtable was better than excellent and here’s some reasons why:
- No PowerPoints: There were no traditional presentations delivered during the Roundtable. As a result, instead of only a few people talking at you, everyone was talking with each other.
- “Off the Record” Discussions: Attendees participated in various private group discussions – approximately 20 people per group – on leading data privacy topics. Participants have the opportunity to become acquainted with each other in such a smaller setting and these discussions are based on the Chatham House Rule so people feel more comfortable actively contributing to the conversation and learning from each other.
- Highly Skilled Facilitators: The leaders for these group discussions are leading law professors who have outstanding credibility and privacy law subject-matter expertise. They are well skilled at keeping the conversations moving forward and drawing upon the insights of the participants to generate an even more robust dialogue. In fact, when I was in law school back in the day I wish I had professors just like them.
- Built-In Networking Time: The Roundtable agenda is smartly designed with plenty of opportunities to network both between the group discussions and during meals/refreshments.
- Great Venue: My wife is a realtor in the Chicago-area and she is constantly reminding her clients that real estate is all about location, location and location. In order for an industry event to be successful, the location also needs to be top-notch and you can’t get much better than being in Miami during February at The Four Seasons Hotel.
- The Attendees: The Roundtable attendees are privacy leaders from a mixture of companies, law firms, cybersecurity practices, academia and the non-profit world. I’ve been impressed with the diverse nature of the attendees and their passion for the privacy space – which also rubbed off on me. After being at the Roundtable for a few days I’m fired up about the increasing importance of data privacy in our ever-changing world and I look forward to continuing the conversation during my keynote on Security and Privacy at the ctrl-ALT-del Conference in the Arizona desert next week.
Last month in a LinkedIn blog post, Microsoft President & Chief Legal Officer Brad Smith identified privacy as a Top Ten Tech Issue for 2019. In addition, here are some trends we are seeing in the data privacy area:
- The “Internationalization” of Data Privacy: Countries across the globe have been leading the establishment of new data privacy laws. Last May the widely anticipated and transformative General Data Protection Regulation (“GDPR”) became effective in Europe and a few months afterwards in August Brazil enacted a new data privacy law that is GDPR-like.
- The United States & Data Privacy: It will be interesting to see whether Congress is ready, willing and able to enact any sort of federal privacy law in the near future. Historically United States federal privacy law has been more industry focused with the Health Insurance Portability and Accountability Act (“HIPAA”) and the Gramm-Leach-Bliley Act (“GLBA) focused on the financial services sector. In the meantime, California passed the California Consumer Privacy Act which goes into effect next year and other states are actively considering enacting their own data privacy laws.
- Rise in Data Breaches: Cybercriminals are becoming more and more sophisticated and as depicted in this graphic below from an article in The Economist magazine last month, data breaches in the United States continues to increase across various industry sectors:
- It’s AI All the Time: AI requires huge amounts of data to help train AI algorithms – and such data needs to be properly used and protected. Facial recognition technology can also present some unique challenges and late last year Microsoft published principles that it will adopt for Microsoft’s facial recognition work.
- National Security Versus Privacy: Balancing the need for law enforcement to have access to key data in order to protect citizens in the interest of security with the data privacy rights of individuals can be very difficult. At the end of last year Australia passed a law providing law enforcement access to encrypted data.
As organizations increasingly use data to help enable their digital transformation, I believe that both understanding and keeping up to speed on the constant evolution of data privacy/cybersecurity law is an absolutely necessary and foundational skillset for all in-house lawyers – regardless of their company or their area of legal practice. As you look for more opportunities to better serve your clients and earn their trust, think about how you can “skill up” on data privacy and cybersecurity.