Consumer Privacy and Legal Risk: What to Look for in the Decade to Come

As the new year and decade begins, consumer privacy issues have never been more top of mind – especially with the impending enactment of the California Consumer Privacy Act (CCPA). This groundbreaking and sweeping legislation could be the gold standard around which other state and federal privacy laws are formed, but many corporations are taking a “wait and see” approach before addressing their data security and sharing issues and implementing changes. Although there may be a six-month grace period before California starts enforcing CCPA compliance, that doesn’t stop individuals and other federal agencies from filing lawsuits to protect consumer privacy.

Many credit the EU’s General Data Protection Regulation (GDPR) for sparking this new wave of privacy awareness in America, but that’s only part of the story. New laws that require compliance by certain dates get a lot of media attention, but they work in tandem with enforcement of older laws as they cover new technologies and new data breaches. Over the last 10 years, consumer privacy-related federal lawsuits for violations of the Fair Credit Reporting Act (FCRA) have increased by 150%. Similarly, there were eight times as many cases alleging a violation of the Telephone Consumer Protection Act (TCPA) – regulating infamous “robo-calls” – in 2018 than in 2009.

When the FCRA and the Fair Debt Collection Practices Act (FDCPA) were passed in the 1970s, financial information was stored on index cards and took a significant amount of time to compile and check. As such, these statutes were much harder to abuse. But with the explosion of data volumes in the digital age, the potential for data breaches has increased enormously, as has the potential for litigation. FULL ARTICLE