Best practices for identifying and managing local and global legal risks

Companies are gathering data … from everywhere. They track website behavior, monitor social media feeds, and follow their customers’ digital smartphone trail. Even historically “dumb” devices are getting smart about data and collecting and transmitting it.

For a company, this data is immensely valuable. It can help you improve your products, improve customer service, aid in repairs or recalls, monitor customer feedback and identify trends.

But risks and responsibilities come along with these opportunities, says David M. Wilson, an attorney at Kegler, Brown, Hill + Ritter. Companies need to understand whether they have the right to use the data, and whether there are privacy or security obligations related to collecting, using or storing the data.

“Today, the legal framework is a global patchwork of ever-changing laws and regulations cobbled together from various sources, including governments, industry groups, and platform providers like Facebook, Twitter and Google,” Wilson says. “Data flows like water, but much faster and with fewer physical constraints.”

This means that companies must understand how they are collecting data, what they are doing with it, and what the consequences may be to storing, transmitting or analyzing that data. A company’s activities, as well as the activities of their vendors, partners and customers, may trigger legal and regulatory requirements across many jurisdictions.

Smart Business spoke with Wilson about how companies can understand whether they have the right to use certain data for certain purposes, and how to comply with the evolving landscape of laws and regulations.

What is meant by the term big data?

Generally, big data refers to data sets of such a large size that better conclusions might be drawn from analysis of such data than with statistical sampling. Big data is intriguing because it provides an opportunity to test traditional assumptions, employ smarter strategies and make better decisions. Once relegated to industrial supercomputers, advances in technology and dispersion of low-cost networkable devices have made big data relevant and accessible to all businesses.

How can companies ensure data collection complies with laws and regulations?

An important first step is for the company to clearly understand what information it will collect, how it will be collected, and how the company will use and share it. Conversations between the marketing, finance, operations and technical teams are critical to ensure that everyone understands the answers to these questions. These conversations should result in a written description of the type of information that will be collected, how it will be collected, and how it will be used and shared. These descriptions can then be used to draft the applicable disclosures and to obtain any needed consent.

How can companies ensure the rights they have in the data are broad enough?

This is a critical question and it relates back to an even larger questions: Who owns the data in the first place? And perhaps more importantly, what is the data subject’s expectation? The issues are not only legal, but there are meaningful and evolving cultural expectations as well. ‘Culture eats strategy for breakfast’ — Peter Drucker may not have been thinking about big data when he coined the phrase, but it applies. When you are the collector, a simple best practice is to ensure you properly disclose how you will collect and use the data, and then obtain consent to the use of such data.

Take the example of inBloom, a $100 million startup nonprofit providing open source software for schools to organize, store and analyze student data in the cloud. The services inBloom provides could revolutionize education by providing teachers with a complete picture of what students learned, enabling them to identify relationships and patterns. Certain groups raised concerns about a ‘third party’ gathering and storing student academic information in the cloud. Almost overnight, most of inBloom’s state partners abandoned the project because of the cultural discomfort with having sensitive student information on private servers. The groundswell of privacy concerns may be the death knell to the fledgling startup despite a well-articulated technology strategy and positive nonprofit mission.

David M. Wilson is an attorney at Kegler Brown Hill + Ritter. Reach him at (614) 462-5406, @DwilsonJDMBA or [email protected].

Insights Legal Affairs is brought to you by Kegler Brown Hill + Ritter

Leave a Reply

Your email address will not be published. Required fields are marked *