What You Need to Know About Data Privacy

Credit EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

There is nothing smooth about navigating the tricky waters of data security and privacy on a global basis. Regulations vary and often conflict with one another.

In an exclusive interview, Brian Hengesbaugh, partner in the Chicago office of the law firm Baker & McKenzie, discusses:

Hengesbaugh provides advice to a wide range of global manufacturers, financial institutions, pharmaceutical companies, healthcare providers, sourcing providers, retail companies, online businesses and other organizations regarding the legal aspects of global privacy and data protection, data security, information technology and related restrictions on data collection and movement. He focuses on these issues in the context of: litigation, internal investigations and government inquiries; sourcing and corporate transactions; and global company operations and applications.

Formerly Special Counsel to the General Counsel of the U.S. Department of Commerce, Hengesbaugh played a key role in the development and implementation of the U.S. Government's domestic and international policy in the area of privacy and electronic commerce. In particular, he served as the lead attorney on the U.S. side negotiating the U.S.-EU Safe Harbor Privacy Arrangement. He also served as a U.S. delegate to the Electronic Commerce Working Group of the United Nations, where he helped negotiate the UN Model Law on Electronic Signatures.

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Healthcare Enews General Healthcare Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

TOM FIELD: What are some of today's top global data privacy issues? Hi, this is Tom Field, Editorial Director with Information Security Media Group. I'm talking today with Brian Hengesbaugh, a partner with Baker & McKenzie in Chicago.

BRIAN HENGESBAUGH: Great to be with you, Tom.

FIELD: Just to get us started, why don't you tell us a little bit about yourself and your work, please?

HENGESBAUGH: Thank you. Yes, I am a partner here with Baker & McKenzie. I'm in the Chicago office of Baker -- we're a large global law firm. I'm on the firm's global privacy steering committee, so among all the countries around the world, we have a handful of us who sit on a steering committee for the firm. Prior to joining Baker & McKenzie, I was with the U.S. Department of Commerce, where I was Special Counsel to the General Council. And among the things that I did there, I was the lead attorney negotiating the Safe Harbor Privacy Agreement with the European Union, on behalf of the U.S. government, negotiating with the European Commission, in particular, around the Safe Harbor privacy rules. It's one way for a U.S. company to address transfers of European data back to the United States.

FIELD: So, Brian, we talked about security and privacy issues up front; there are a few of them these days. What are the ones that you're currently tracking?

HENGESBAUGH: Well, looking first at the States, you have to say that the biggest thing moving, still, in the United States, is data security breach notification. So, if a company loses Social Security numbers, or credit card numbers, other types of sensitive data, there is an obligation to notify affected individuals, as well as state agencies, and others. It's a very big dollar value issue. The Ponemon Institute estimates that the cost of the data security breach is around $204 per record, which translates to about $6.65 million per incident, itself. So, real money, and not just liability issues, but reputational issues for companies. So, that's, by far, the biggest issue in the States, and as these things go, other countries are starting to adopt data security breach laws, as well. So, that is something to watch. Outside the United States, I think the biggest thing moving is this proliferation of privacy laws. So, for years now we have been dealing with the fact that the European Union has some pretty strict privacy laws. But, now we are starting to see them increasingly in Latin America. So, Argentina has had quite a rigorous privacy law for a couple of years now, Chile, and just a couple of weeks ago, Mexico adopted a privacy law. In Asia, interesting developments: China just adopted a privacy law, which is kind of interesting. China, for years, we have known, the government is all concerned about encryption and making sure that data doesn't come into the company that they can't see, and now it looks like they are also getting into adopting privacy rules for citizens, in Malaysia, and elsewhere.

FIELD: Well, Brian, you're headed into an area that I want to talk to you about, which is global data privacy. What do you find to be the greatest challenges now for U.S.-based organizations?