August 24, 2019

August 23, 2019

Subscribe to Latest Legal News and Analysis

August 22, 2019

Subscribe to Latest Legal News and Analysis

August 21, 2019

Subscribe to Latest Legal News and Analysis

Tech Company Execs Sweat Personal Liability for Privacy Violations

In the Privacy Law classes I teach in the Brown University Executive Masters of Cybersecurity and at Roger Williams University School of Law, we discuss the enforcement authority that the Federal Trade Commission (FTC), the Office for Civil Rights (OCR) and other federal and state agencies have over data privacy and security, including how effective the enforcement has been over the past decade. In the wake of massive data breaches, my classes uniformly are of the opinion that the present enforcement scheme is not a big enough stick to deter big tech companies from collecting, selling and monetizing data.

Recently, members of the FTC have publicly lamented that this is true. What look like large fines against tech companies that have violated consumers’ privacy are often not sufficient to act as deterrents, such as the $5.7 million levied against Musical.ly (or TikTok), which was less than 1% of the parent company’s annual revenue, and therefore inconsequential to company executives.

According to one member of Congress, “for large companies, fines are simply a cost of doing business.” This is consistent with my classes’ conclusion. Facebook is poised to pay a significant fine and has set aside $3-5 billion (yes, that’s with a “b”) to pay for various alleged privacy violations. Many observers have opined that this is a drop in the bucket for Facebook, and is not enough to change behavior.

Perhaps the private right of action in the California Consumer Privacy Act, which takes effect in 2020, will change tech companies thoughts about privacy violations. Congress is looking into how the FTC and other agencies can regulate the big tech companies, and candidates for the Presidency have gotten into the fray, with one declaring that the tech companies should be broken up. The FTC has publicly stated that it is looking into assessing personal fines against company executives as a way to encourage compliance.

No matter how this shakes out—and it will—the present discourse should be enough for tech company execs to be concerned about personal liability. Executives may want to start focusing on the organization’s data privacy and security plan, and making policy decisions on its implementation a top priority.

Copyright © 2019 Robinson & Cole LLP. All rights reserved.

TRENDING LEGAL ANALYSIS


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353