What will keep IT, info sec and legal teams up at night in 2020? Data. Across privacy legislation, compliance and security, data in its many forms and massive volumes is bringing new and heightened risk to companies of all sizes.
Corporations are beginning to realize that data-related risk can show up in many areas of their business. Information governance issues are not limited to just compliance, or IT, legal, or privacy—but rather touch every function and business unit. In 2020, we’ll see an increasing number of companies resolve to tackle IG holistically, driven by directive and budget allocation from executive leadership. With this, initiatives that involve key stakeholders from across many business units will be surfaced and prioritized for execution. Alongside this progress, industry experts expect data challenges to shape business practices in a number of areas.
Predictions for what my fellow FTI Technology colleagues and I expect to see in the coming year include:
- “Healthcare and patient data is going to dominate the data privacy headlines in 2020, as Big Tech expands into healthcare and medical records analytics. Healthcare providers that adopt new vendors and apps for medical records will find it increasingly difficult to balance easy access to patient data with protecting patient privacy. Careful review of vendor contracts and business associate agreements with providers of cloud storage and medical record apps will be essential—and healthcare institutions that go even further by revamping information governance programs will be far more prepared to address the emerging data privacy landscape in the U.S.” – Rena Verma, Senior Managing Director
- “Over the last two years, data privacy laws have forced companies to think more critically about their data, primarily from a risk and compliance standpoint. The knock-on effect that we’ll see in the new year will be companies thinking more critically about their data from an opportunity standpoint in addition to risk. When data is better understood, better catalogued, better managed, etc., it can ultimately be better leveraged as a valuable business asset. Organizations that approach data privacy compliance with this mindset will be strongly positioned. Those that don’t will be left behind.” – Eric Pender, Director
- “Consumers are going to be more aware of how their data is being used and increasingly ready to exercise the new rights and controls they have over it. While the massive data breaches seem to be slowing down, consumer concerns around privacy are on the rise. This will lead to an increase in data subject access requests, right of action claims and other activity related to consumer privacy rights.” – Deana Uhl, Senior Director
- “With the California Consumer Privacy Act coming into force, organizations are going to feel the pinch for resources needed to comply. This will include large companies spending in the range of $1-2 million on establishing and maintaining compliance.” – T. Sean Kelly, Senior Director
- “The new year will mark a major shift in data privacy law in the U.S., with the activation of the California Consumer Privacy Act (CCPA). On the heels of GDPR, the inflection point of this shift, CCPA will ultimately bring an end to the ‘wild wild west’ of data management. Data will continue to be a highly valuable resource, but with limits. Costs and risks associated with managing data in compliance with privacy laws are certainly increasing, but in 2020 we’ll see proactive companies—ones that know what data they have, how they use it, where it exists and who has access to it—gaining a competitive advantage on this front.” –Pender
- “In the wake of privacy laws and data misuse scandals, social media companies have tightened their grip on programmatic access to the consumer data they collect and store. The disruption this has wrought on the advertising industry has been widely reported—but these policies affect e-discovery as well. In 2020, I think we’ll see an increasing number of e-discovery matters in which efficient data collection will be hindered by new access restrictions among social media companies.” – Tim Anderson, Managing Director
- “The lines between personal and business communications have been forever blurred, leaving many uncertain about whether personal devices are safe from company collection and e-discovery. Alongside this shift is the increasing use of ephemeral messaging applications like Signal, Telegraph and What’s App, creating even more risk for regulated organizations. Organizations will need to revise their mobile device management and legal hold policies and solutions, or face potentially harsh repercussions.” – Kelly
- “Privacy and security will play into every new technology that comes out in the next year. While that is a good thing for consumers and individuals, computer forensic investigators are going to run up against some obstacles in how these changes impact their ability to collect data for investigations. Trusted technologies for preserving digital evidence will need to be revamped and rethought. Companies need to keep this in mind as it will impact what data they can copy from mobile devices, social media sites and a wide array of other sources.” – Dan Roffman, Senior Managing Director
- “Email will be increasingly displaced in favor of collaboration suites, messaging platforms and other apps that enable easy communication between employees and with customers. This will impact forensic investigators and e-discovery teams that need to access records for litigation and investigations. Likewise, disappearing messages—from apps like Wickr, Signal and Telegram—are popular among workers for their privacy, security and encryption features. But they are also enticing employees to overshare, which can lead to all sorts of data retention issues and compliance risk for corporations. On this front, I expect we’ll see ephemeral messaging play some sort of a major role in a high profile litigation or political process in the coming year.” – Roffman