How to ensure your legal team is well-prepared for the shifting privacy landscape

From the lately launched American Privateness Rights Act—which proposes new federal shopper privateness requirements—to quite a few state-level payments, to latest and impending synthetic intelligence laws, the information privateness panorama is evolving at lightning pace.

Compliance issues at the moment are entrance and middle for organizations of all sizes—overseas and in the USA. Whereas it’s unlikely that laws will go on the federal stage, states have clearly demonstrated a willingness to go and implement complete privateness legal guidelines.

California led as the primary state when it handed the California Client Privateness Act (signed into regulation in 2018 and went into impact in 2020). And it was then joined by Virginia, Colorado, Utah and Connecticut, all of which have been carried out in 2023 with new shopper privateness legal guidelines. By the date of this text, not less than 19 states have handed complete privateness laws (with implementation dates in 2025 and 2026).

Make no mistake: Sustaining privateness compliance is a fancy shifting goal, and the checks and balances that your organization wanted 10 years in the past don’t even scratch the floor of what you want at this time. As a basic counsel, it’s essential to be capable to assemble a powerful, adaptable authorized group that may assist your organization keep compliant with present requirements and anticipate and reply to the numerous modifications coming down the pike.

Key issues for GCs

When getting ready for the brand new frontier of privateness and knowledge safety, think about how your division and group will deal with the next crucial points.

  1. Possession of privateness issues. Who’s liable for privateness issues inside your group—is it the authorized division solely? For those who do have a privateness group, how does your group companion with authorized to make sure that all bases are lined? As knowledge privateness issues change into more and more paramount to your operations and threat administration efforts, you might need to think about the advantages of getting a separate, devoted group for these points. This laser-focused assist can assist your organization maintain updated with regulatory modifications and reply with the required insurance policies and procedures, thereby decreasing the chance of violations and hefty fines. What’s extra, a freestanding privateness group could be a bridge between numerous departments, making certain that privateness is taken into account throughout all enterprise capabilities.

  2. Drafting of privateness notices. Given latest and rising laws, the drafting of privateness notices and privacy-related contract provisions has taken on new urgency for companies that deal with shopper knowledge. Poorly drafted notices can expose your online business not solely to authorized dangers but additionally to fines and reputational harm. Whereas most attorneys have a level of talent in drafting these notices, think about whether or not you might have the best individual dealing with this activity. A seasoned privateness lawyer understands the authorized nuances of your organization’s knowledge monitoring, assortment, processing, storage and sharing practices. They will additionally assist stability authorized compliance and person accessibility by ensuring that every one privateness notices are clear, clear and simply comprehensible for customers.

  3. Implications of AI expertise. AI is not only the buzzword of the second; it’s seemingly one of many largest technological revolutions in human historical past. Generative AI and different sorts of machine studying are being carried out in numerous applied sciences, by almost all corporations and distributors of all types, at a speedy tempo. That implies that even when your organization just isn’t in a regulated trade, you’ll nonetheless have to fret about being regulated by any AI legal guidelines on the horizon.

The European Union took step one within the march towards AI regulation, with the EU Synthetic Intelligence Act taking impact throughout all 27 member states Aug. 1. Whereas some provisions are already lively, by 2026, most of this regulation’s provisions will go into drive.

Not desirous to fall behind, Congress has proposed federal laws, and the White Home and companies, such because the Federal Commerce Fee, the Securities and Change Fee and the Equal Employment Alternative Fee have supplied steerage on the subject.

Many states are being proactive, with Colorado and Illinois passing AI laws in 2024 that take impact in 2026. Moreover, on the finish of its 2024 legislative session, California handed quite a few AI payments.

The plethora of AI laws could have important world implications for corporations that develop, deploy or function AI programs—no matter the place they’re on the planet. Firms worldwide should spend money on AI governance; adapt their applied sciences to satisfy these regulatory requirements; and be sure that their AI programs are lawful, moral and reliable (or else face penalties and enterprise restrictions within the EU or different markets).

Even when your organization is utilizing AI not directly (e.g., by means of a third-party vendor) and never actively creating AI instruments, it’ll face unprecedented new calls for on this space. You may be obligated to explicitly define how you’re utilizing AI, implement an AI threat administration coverage, and carry out AI threat assessments.

These issues is not going to be unique to the authorized/privateness group. As an alternative, it requires a multidisciplinary AI group that brings collectively key enterprise stakeholders, authorized, IT, knowledge science, threat, data safety, advertising and different capabilities. As a GC, you might have to have the ability to perceive authorized’s function within the AI ecosystem and what you’re in the end obligated to do to satisfy compliance requirements.

Take into account versatile expertise who could make a direct affect

If you’re questioning whether or not your group has the bandwidth or experience to handle new and rising privateness calls for and you aren’t but prepared so as to add head rely, one possibility to contemplate is utilizing interim, or momentary, counsel. These attorneys can assist lighten your load, whether or not it’s for a particular mission or a versatile vary of time, bringing in specialised authorized experience as you get your arms round new privateness laws. A privateness lawyer can assist you rapidly assess privateness dangers, implement corrective measures, and practice your inner groups.

Along with a wealth of privateness and/or AI experience, interim counsel can usually hit the bottom working with out a lot help. They provide instant assist and strategic steerage for the long run—all with out the long-term dedication of a everlasting rent. That mentioned, when you’ve got an interim privateness lawyer that makes a stable addition to your group, you possibly can usually convert them to a everlasting worker down the highway.

Keep knowledgeable, agile and proactive

Getting ready your authorized group for the evolving privateness panorama is not only a matter of compliance—it’s a strategic necessity if you wish to keep forward of the curve. By educating your self on the modifications to return, defining roles and duties, and getting artistic with the way you construct your group, you’ll be poised to mitigate threat and emphasize your function as a trusted adviser to the enterprise.

Maureen Dry-Wasson is vp, group basic counsel and world privateness officer with the Allegis Group and Main, Lindsey & Africa. She has been an in-house lawyer for greater than 25 years and is a fellow of knowledge privateness with certifications from the Worldwide Affiliation of Privateness Professionals for AI governance privateness administration.

Iris Zuckerman is a managing director of consumer growth with Main, Lindsey & Africa’s interim authorized expertise group in Chicago, working with regulation companies and authorized departments to determine high-quality authorized expertise to tackle short-term, project-based engagements.

Thoughts Your Enterprise is a sequence of columns written by attorneys, authorized professionals and others throughout the authorized trade. The aim of those columns is to supply sensible steerage for attorneys on tips on how to run their practices, present details about the most recent traits in authorized expertise and the way it can assist attorneys work extra effectively, and methods for constructing a thriving enterprise.

Eager about contributing a column? Ship a question to [email protected].

This column displays the opinions of the creator and never essentially the views of the ABA Journal—or the American Bar Affiliation.