Webinar Recap: Technology Companies’ Guide to Data Privacy

July 2019

By Sangeet Rajan, Managing Director, Data & Information Governance Practice at BDO and Steve Bunnell, Partner, Co-Chair Data Security & Privacy Practice at O’Melveny


Tech companies are increasingly facing reputational risk, enhanced scrutiny and legal and financial consequences for mismanaging consumer data. A recent BDO webinar, “Tech Companies’ Guide to Data Privacy,” explored what technology companies can do to identify and mitigate their organization’s data privacy risks. Here are a few of the key takeaways.



Setting the stage – why should tech companies prioritize data privacy now?

There are a myriad of reasons, most notably:

Digitalization and Personalization: Data is the lifeblood of an increasingly digital economy. Increased digitalization and personalization leveraging user data has made our world more connected and convenient. However, this can come at, literally, a significant cost. Personal data is a prime target for cybercriminals. It has real monetary value on the dark web. Banking credentials, health information, drivers licenses, credit cards, social media, social security and other personal data can be bought and sold on the dark web. The prices per record range from $10-12 dollars for credit card information to $1,000 plus for banking credentials. This makes technology companies, retailers, hospitals, health care providers, insurance companies and financial institutions prime targets—no industry is immune.

Shifting Consumer Sentiment: Recent news of high-profile data breaches and data misuse, such as U.S. election tampering, has impacted consumer attitudes towards personal data collection and use by companies. There’s been a steady and significant shift in U.S. consumer sentiment towards a more conservative data privacy policy: SAS reports that 73 percent of consumers say their concern over privacy of personal data has increased in the last few years. And they’re taking action: 66 percent of consumers have changed privacy settings, removed a social media account or declined terms of service. Consumers expect companies to do more to protect their data privacy.

Increased Regulatory Scrutiny: Regulators have taken up the cause and passed a flurry of data privacy regulations in reaction to data breaches. The General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA) being recent examples, with many other U.S. states also considering their own version of privacy legislation.

Innovative New Uses of Data: The new data privacy laws are coming about as technology companies continue to find new and innovative uses of personal information. The proliferation of artificial intelligence and machine learning applications to collect and analyze consumer data is a double-edged sword without fully established data privacy and security controls. If this technology is used properly, it enables organizations to make more meaningful business decisions, but in the wrong hands, and if breaches go undetected, this technology becomes a weapon and can create untold operational chaos.