INTRODUCTION

Five years ago few legal departments were concerned with – let alone focused on – data privacy or security. Most of those that were aware of the terms assumed that these were issues being handled by IT, HR, or marketing departments.

The world has changed. Data privacy class action litigation has erupted and data security breaches dominate the headlines. It is now well accepted that data privacy and data security issues threaten the reputation, profitability, and, sometimes, the operational survival of organizations. It is therefore perhaps not surprising to find that in almost every survey conducted of boards and senior management, data issues rank as one of their three top concerns, if not their single greatest concern. With that backdrop, organizations increasingly look to general counsel to manage data privacy and security risks.

The result has been that many in-house attorneys unexpectedly find themselves responsible for a topic about which they have little experience or training. Coming up-to-speed can be difficult. There are well over 200 laws (just in the United States) that have data privacy and security implications. Whereas very few (if any) law schools offered a single data privacy and security course fifteen years ago, the topic has now matured into its own field of study and field of practice. It's simply not possible to sit down and read a single statute to get caught up.

When we published this handbook for the first time in 2016 in conjunction with the Washington Legal Foundation it received an overwhelming response. In less than a year it had been downloaded by over 3,500 in-house attorneys. Last year’s edition saw that number nearly double to over 6,000 attorneys. We are extremely proud of the fact that the handbook has become a desk reference for in-house attorneys worldwide.

The 2018 version includes updates to most sections to account for changes in the law and includes a number of new sections dealing with topics that have grown in popularity, or entered the data privacy and security scene. As with our prior versions, the discussion under each topic is not intended to be a legal treatise. Instead, each section provides a straight-forward overview of the law relevant to that topic, statistics to help understand the issue and benchmark its importance, and a functional list of bullet points or questions to immediately break down an issue. We hope that the handbook provides useful and practical guidance when addressing data-related issues.