The legal implications of global data privacy laws were brought into sharp focus recently by the results of a survey undertaken by the privacy compliance technology company TrustArc. The 327 respondents comprised individuals from firms in the United States, Canada, and the EU. They specialized in a wide variety of fields, including government, financial, and telecommunications.
The biggest takeaway was that law firms are still struggling to grapple with the many data privacy laws that govern their respective jurisdictions. Before we unpack the legal implications of the global rules, let’s delve a little deeper into the survey responses.
Survey Reveals Challenge Law Firms Face in Complying with Data Laws
Respondents of the TrustArc survey revealed that data privacy compliance is becoming a delicate juggling act as they seek to abide by legislation such as the EU’s General Data Protection Regulation (GDPR).
EU respondents (45%) indicated they were complying with between two and five laws, with U.S. firms stating a similar amount (37%). But only 28% of EU based responses indicated that they were focused exclusively on a single law, whereas 9% of U.S. respondents said the same.
Perhaps the most startling statistic was that 15% of U.S. firms are trying to comply with 50 or more privacy laws, compared with just 2% of EU respondents. These results indicate the American state-by-state approach, which can prove more challenging for companies to adhere to new privacy laws.
What Effect Are the Laws Having on Legal Practices?
In terms of on-the-ground operations, the majority of the laws have enforced the continual development of website documents. About 77% of American companies and 85% of EU entities had admitted to updating their website privacy policies at least once during the last 12 months. Similarly, cookie policy updates took the second spot, with 44% and 56% respectively.
So why are these laws, many of which were enacted back in 2018, causing continued problems for law firms? Why do the legal implications of these laws continue to have such an operational impact?
Legal Implications of Data Privacy Laws Continue to Evolve
CEO of TrustArc Chris Babel believes these compliance laws are still having such an impact for two reasons. First, some firms have realized that they were never compliant in the first place, and are now rectifying the situation. Whereas others are merely reacting to guidance received from regulatory bodies when the laws themselves are updated and amended.
However, for more complex laws such as GDPR and the California Consumer Privacy Act (CCPA), law firms are still navigating their first attempt at becoming fully compliant, despite having already had the best part of 2 years to do so.
The other major impact on law firms is their level of data retention. Regardless of territory, many respondents said they were proactively reducing the amount of personal data they hold on their clients, as well as reducing the period for which they retain it.
But while this may help companies today, it could cause issues for companies going through the e-discovery process for aged or archived cases in the future. Overall, these results have revealed that data privacy laws will continue to influence how law firms operate long into the 2020s and beyond.
Thanks for reading! If you enjoyed this article, let us know in the comments and feel free to share it on social media! Please contact us with any questions or concerns. At First Legal, we’re here for you from File Thru Trial™!