DataGrail recently interviewed Susan Lyon-Hintze, Founder and Managing Partner at Hintze Law PLLC, to bring you insights from a leading legal professional in the field of data privacy.
DG: GDPR received a ton of publicity last year; however, many companies are not as aware of upcoming regulations like CCPA that may have a greater impact on domestic business. How can privacy professionals mobilize their teams better to place as much emphasis on upcoming regulations?
SLH: Raise awareness about new privacy developments early and often. Advocate for funding and resources as soon as you know about new laws that will impact processes and procedures.
DG: What are the benefits and challenges that could come with federal privacy regulation?
SLH: The main benefit for companies will be avoiding a patchwork of laws with different requirements that are difficult or impossible to operationalize. A longer term benefit of federal privacy regulation, if done right, will be to move the U.S. closer to the type of comprehensive laws that will improve trade relations and help enable better global transfer and flow of data. The main challenge will be developing a law that balances the concerns and interests not just between industry and consumers but also the competing concerns and interests among different industry groups. Tech companies will be more supportive of an approach similar to GDPR but other companies that are less global or already subject to less restrictive laws will be more reluctant.
DG: If you could give ONE piece of advice to clients on handling changing regulations in the current privacy landscape, what would it be?
SLH: Follow trends but be prepared for the unknown – build processes and systems that focus on best practices but are flexible enough to change quickly to handle the unexpected.
DG: What’s the most common mistake or misperceptions you seen when it comes to data privacy and security?
SLH: Many in the industry still have a hard time understanding the full scope of what is considered personal data. I still hear people say they don’t understand that unique IDs and location information are personal data under many laws. Another common misperception is that publicly available personal data is somehow exempt when under the vast majority of data protection laws there is no such exception.
DG: What is your favorite part of working in the legal space, specifically covering data privacy practices?
SLH: The fun parts for me are when I get to problem solve with the client to build a custom solution tailored to address their particular technology and business goals and the expectations of the data subjects. Getting to win-win is a great feeling.
DG: Currently, what are the best resources out there to stay on top of ever-changing and evolving privacy regulations and how businesses can best adapt?
SLH: There are a lot of blogs by law firms and industry associations that most people already know about. But one source that keeps me on top of the most current developments and emerging privacy threats is a carefully curated Twitter feed. I leave out politics and entertainment from my follows and laser focus on privacy and data security content @slhintze