In 2018, data privacy and cyber breaches made headlines throughout the year.
Major companies continued to suffer data breaches, highlighting the risks and potential costs of cyber incidents across industries. At the same time, a growing and overlapping thicket of data security and privacy regulations—within the U.S., European Union, Latin America, and elsewhere—continued to increase compliance costs and regulatory risks. This memo surveys some of the key cybersecurity and data privacy developments of 2018, including the major data breaches and cyberattacks, regulatory and legislative actions, and notable settlements and court decisions.
In addition, we identify some key takeaways from 2018, which include the importance of rapid response and timely disclosure, cyber diligence in M&A transactions, effective management of third-party vendor risk, and protecting privilege. We also highlight key areas to watch in 2019, including GDPR enforcement, efforts to pass a U.S. federal privacy law, responses and potential changes to California’s new privacy law, the adoption of comprehensive privacy laws in more U.S. states and non-U.S. jurisdictions, and heightened U.S. litigation and enforcement risk. Data security and privacy will undoubtedly remain a priority for boards and senior management, as well as regulators and enforcement authorities.
This article was republished as, “Cleary Gottlieb Reviews 2018 Cybersecurity and Data Privacy Developments,” on February 6, 2019, by The Columbia Law School Blue Sky Blog.