Despite some discernible progress in privacy protection since the European Union's General Data Protection Regulation (GDPR) was enacted one year ago, in America such protection is practically non-existent. In a Microsoft blog post, Corporate VP & Deputy General Counsel Julie Brill recounted the progress that has been made since GDPR’s adoption, concluding with a predictable call for further progress to be made in the year to come, including adoption of uniform federal legislation similar to the EU GDPR.
GDPR is “a ground-breaking privacy framework that empowers residents of the EU to control their personal information so they can use digital technologies to engage freely and safely with each other and with the world.” And while GDPR protections were also adopted in many other countries worldwide, including Brazil, China, India, Japan, South Korea and Thailand, the United States is noticeably missing from the countries requiring similar protections for their citizens.
Ms. Brill notes that Microsoft’s own pioneering adoption of GDPR protections for its customers is being used by “18 million people from around the world…to manage their personal information.” She also points out the country with the highest engagement is the U.S. at 6.7 million. However, with a population of nearly 330 million, that amounts to about 2% of all Americans. Thus, nearly 98% of Americans are not using the Microsoft privacy protection platform, and Microsoft is the platform privacy leader.
Ms. Brill goes on to explain how Microsoft has made progress in protecting privacy, announced new steps to increase transparency regarding data collection and developed new privacy tools. And then it dawned on us. When was the last time we saw a law firm announce rich, bold steps to secure confidential client data and information?
The answer is, there isn’t a last time, though hopefully firms are doing so without fanfare. We suspect the vast majority of law firms in America are making some effort to protect their clients’ sensitive information.
With that in mind, here are several suggestions to start improving privacy protection protocols:
- Onboard all new clients to a cyber and info-security platform that includes full data encryption, differential sharing, differential access, and monitoring, cradle-to-grave.
- Take the opportunity to do the same for existing clients, protecting all existing clients and matters with cyber and info-security protocols, tools, and software, along with attorney-client interactive training on security tools.
- Do the same with third-party vendors. New vendors who share confidential information should be onboarded within a full cyber and info-security platform, and existing vendors should be required to do the same within a mutually agreed timeframe…because, as we know, lawyers may well be responsible for the data and info-security breaches of their entrusted vendors that negatively impact their clients.
Finally, announce all of this in the firm newsletter and make a rich, bold commitment to becoming leaders in cyber and info-security. Only in this way will a big enough wave movement sweep across America to provide our citizens the level of privacy protection they deserve, while legal professionals become leaders rather than bedraggled followers. While Ms. Brill stated, “Now it is time for Congress to take inspiration from the rest of the world and enact federal legislation that extends the privacy protection of GDPR”, we would add: “with the legal profession not only doing its part, but leading the way to enhanced privacy protections for all Americans.”