S. Christopher (Kit) Winter Authors Series of Inside Counsel Articles on Information Privacy, Data Security

S. Christopher (Kit) Winter, a Los Angeles-based member in Dykema’s Litigation practice, is authoring a series of articles for Inside Counsel that addresses one of the most rapidly-evolving and complex areas of the law: the challenges (both legal and business-related)  that concern information privacy and data security.

Technology: Five Reasons Privacy Isn’t as Bad as You Think

Winter kicked off this series on January 10, 2014, with an article titled, “Technology: Five Reasons Privacy Isn’t as Bad as You Think.” In this piece, Winter acknowledges that because the consequences of “shortchanging privacy and data security can be serious,” it’s easy for clients to become unduly “overwhelmed, panicked or confused” when examining their internal processes and procedures. To help quell unnecessary anxieties, Winter offers several points of reassurance:

• Most consumer data has little or no monetary value.
• Absent identity theft, plaintiffs are having trouble establishing cognizable harm when their credit card numbers are stolen.
• You may already be compliant.

Technology: Five (Relatively) Easy Ways to Improve Your Privacy Practices in 2014

Winter’s next installment in this series appeared in the January 21, 2014 issue of Inside Counsel. Themed “Technology: Five (Relatively) Easy Ways to Improve Your Privacy Practices in 2014,” the author outlines a handful of suggestions that are—in his words—both “scalable” (so readers can start small) and “relatively self-contained” (so they can be implemented without wholesale changes to existing policies or procedures).

Among the actions Winter advises clients take:

• Check your contracts to ensure that vendors, consultants, service providers and other outside parties are using best practices when it comes to collecting, storing, using transmitting and ultimately destroying personally identifying information (PII).
• Have an up-to-date policy for data retention/destruction, and define a compliance process so that information can be kept secure over time. Winter acknowledges that a great data retention protocol not only identifies who is responsible for its execution, but how retention/destruction will be performed.
• Have a crisis plan that can be quickly put into effect when critical PII is lost, stolen or misplaced. Winter advises that it’s not only necessary to have such a plan, but to conduct drills to test response.

Technology: The Demise of the Reasonable Person

The third article in Winter’s series ran in the February 21, 2014 issue of Inside Counsel. Titled “Technology: The Demise of the Reasonable Person,” the piece focuses on the 2012 framework for privacy policy, Consumer Data Privacy in a Networked World (the Framework), advanced by President Obama’s administration. A key inclusion in this Framework is a seven-point “Consumer Privacy Bill of Rights” that, Winter notes, “removes the limits that the ‘reasonable standard’ would otherwise apply.”

Winter observes that companies that “collect, analyze, use and store” consumer data should be pleased with this shift away from the reasonable person standard. Winter notes, however, that the standards advanced in this Framework lack any enforcement mechanism and could well turn out to be—in time—unworkable.