Until 2018, Americans enjoyed far less protection for the privacy of their personal information than our European counterparts for whom privacy is a human right. It took fifteen years for all the states to follow California’s first data breach reporting statute-and Congress still has not enacted a common standard despite many headline data security breaches-including by foreign actors.
As online commerce developed, American consumer advocates argued for the “opting in consent” of European Union (EU) personal data protection. Arguably, U.S. Internet companies prospered compared to their EU counterparts because of the differential regulation-American acceptance of “click-to-agree contracts” with “opt-out” terms, with limited remedies under the Federal Trade Commission’s jurisdiction over deceptive interstate practices. As the EU’s General Data Protection Regulation came into effect in 2018, implementing FIPs, with many privacy professionals advising multinational companies on compliance in dealing with EU consumers and consumer advocates seeking parity, some of the FIPs found their way into the California Consumer Privacy Act. More than a dozen states have followed with similar “comprehensive” privacy/security statutes. Massachusetts and Congress have considered but not yet enacted similar statutes.
Massachusetts and other states with which we trade have also enacted laws particularly to protect “sensitive” information, including biometric information, and have begun to legislate protections against misuse of “artificial intelligence” as deepfake (image and voice) impersonation and unfairly biased profiling by automated decision-making. Some of these laws have allowed for private enforcement resulting in sometimes coercive class actions. Here again, Congress has not yet acted, and ultimately the states may again follow the lead of the EU in regulating the “digital economy,” including automated decision systems such as “artificial intelligence.”
Join us for a review of the sources and application of current and expected data privacy and security law relevant to lawyers, compliance professionals, and their clients
As online commerce developed, American consumer advocates argued for the “opting in consent” of European Union (EU) personal data protection. Arguably, U.S. Internet companies prospered compared to their EU counterparts because of the differential regulation-American acceptance of “click-to-agree contracts” with “opt-out” terms, with limited remedies under the Federal Trade Commission’s jurisdiction over deceptive interstate practices. As the EU’s General Data Protection Regulation came into effect in 2018, implementing FIPs, with many privacy professionals advising multinational companies on compliance in dealing with EU consumers and consumer advocates seeking parity, some of the FIPs found their way into the California Consumer Privacy Act. More than a dozen states have followed with similar “comprehensive” privacy/security statutes. Massachusetts and Congress have considered but not yet enacted similar statutes.
Massachusetts and other states with which we trade have also enacted laws particularly to protect “sensitive” information, including biometric information, and have begun to legislate protections against misuse of “artificial intelligence” as deepfake (image and voice) impersonation and unfairly biased profiling by automated decision-making. Some of these laws have allowed for private enforcement resulting in sometimes coercive class actions. Here again, Congress has not yet acted, and ultimately the states may again follow the lead of the EU in regulating the “digital economy,” including automated decision systems such as “artificial intelligence.”
Join us for a review of the sources and application of current and expected data privacy and security law relevant to lawyers, compliance professionals, and their clients
Course Content
9:30 - 10:00 am - Legal Frameworks for Data Privacy and SecurityStephen Y. Chow, Esq.,
Stephen Y. Chow, PC, Boston
10:00 - 10:30 am - Identification and Mitigation of Vulnerabilities
Sectoral (vertical) considerations Process
(horizontal) considerations
Ellen M. Giblin, Esq.,
Privacy Hub LLC, Marblehead
Stephen Y. Chow, Esq.,
Stephen Y. Chow, PC, Boston
10:30 - 11:00 am - Compliance: Internal Management, Audits, User Terms and Business Associate Arrangements
Ellen M. Giblin, Esq.,
Privacy Hub LLC, Marblehead
Kent D.B. Sinclair, Esq.,
Sinclair Law LLC, Beverly
11:00 - 11:55 am - Private and Governmental Enforcement Considerations Including ADR
Stephen Y. Chow, Esq.,
Stephen Y. Chow, PC, Boston
Jared Rinehimer, Esq.,
Data Privacy and Security Division, Office of the Attorney General of MA, Boston
Kent D.B. Sinclair, Esq.,
Sinclair Law LLC, Beverly
11:55 - 12:10 pm - Legislative Outlook
12:10 - 12:30 pm - 'Ask the Experts' Q&A Session and Key Takeaways
Speaker(s)
FacultyStephen Y. Chow, Esq.,
Stephen Y. Chow, PC, Boston
Ellen M. Giblin, Esq.,
Privacy Hub LLC, Marblehead
Jared Rinehimer, Esq.,
Data Privacy and Security Division, Office of the Attorney General of MA, Boston
Kent D.B. Sinclair, Esq.,
Sinclair Law LLC, Beverly
