Early last year, I wrote this:
Personal data privacy is an interesting issue for lawyers. For some, it’s part of their corporate practice. For most, it’s a confusing technological jumble, something they want to trust to someone else.
Interestingly, it was in the context of how the Obama administration was proposing a data privacy “bill of rights.” There wasn’t a lot of debate about this last year; perhaps the issue didn’t gain traction in an election year.
But it is now.
Putting aside political issues, in-house counsel and their key outside advisors will certainly be more involved with privacy issues this year. Here are a few that could appear at the top of the list:
1. Who is watching the watchers? A perennial risk issue for in-house counsel is the very IT department relied on to track, collect, and present potential risk inflection points. One of the most insidious parts of the Snowden case is that he was part of an IT group tasked with monitoring network use and security. And he apparently used a thumb drive! Whatever you think about what he did, he has put many people under a microscope; 99.99%+ of whom are professional and trustworthy. (But there are allegedly 1.4 million people with a Top Secret security clearance!)
2. Lawyers are put in a secrecy bind. Companies that receive secret orders from the FISA court cannot legally disclose them. Google has led the charge to obtain permission to disclose more information about these orders and their responses. Observers have noted that it is not in the global business interests of U.S.-based tech companies to operate under this cloud (broad government-mandated data collection) when they are trying to market that cloud (trust us virtually with your data).
3. Lawyers may not be in the loop. There is a report from Bloomberg this morning that some data-sharing “interactions” between the government and tech companies may be conducted on a “need to know” basis. It’s not clear that this would always involve company lawyers.
4. For all the focus on government data collection; watch the private sector. When President Obama first commented briefly on the Snowden disclosures (but before Snowden outed himself), he really didn’t (couldn’t?) say much at all. He did refer to the legality of government programs, and the challenges in balancing privacy and national security. He also noted that private companies collect a lot of data too, which sort of starts a shift in focus to what private companies do with customer data. If the public really understood how their purchase patterns and Internet usage was being monitored and aggregated, it might provoke more of an outcry.
5. Lawyers may not be the answer; some will certainly be asking the questions. One person who will likely have a big part in this unfolding story is James Comey. Reports say he is likely to be nominated as the new FBI director. He is a former Deputy Attorney General; and also later a General Counsel. He almost resigned his position in the Justice Department over some strong-arm tactics intended to certify certain surveillance activities as legal under the nascent Patriot Act. If you want to understand his resume, you can find it online. If you want to see one major reason for his nomination, you can watch it here:
I hope Mr. Comey gets the call and answers it.
We were taught early in the first year of law school the lesson in the cartoon below. A modern corollary to that rule for lawyers might be “ignorance of data privacy is not an option.” Both for our clients, our law practices or businesses, and even ourselves.