2018 was a landmark year in terms of impact to corporate data practices and compliance. The activation of Europe’s General Data Protection Regulation (GDPR) on May 25 was felt around the world, and a number of follow-on regional regulations are expected to be put into place in the coming months.
Enforcement began to ramp up, and alongside that activity, U.S. states (California was the first, with its California Consumer Privacy Act of 2018) passed or began drafting cyber-security and data privacy legislation that will further change the way corporations can collect, store and process sensitive data.
New major data breaches made headlines. Advanced data analytics gained wider adoption, new applications for AI emerged and blockchain continued to disrupt. In light of the wave of change that occurred in 2018, experts from FTI Consulting shared their thoughts and predictions with eWEEK in this Data Points article for what they expect to come in 2019.
Data Point Prediction No. 1: Global uptick in class-action lawsuits stemming from data breaches.
“While historically the legal community in Europe has not been as aggressive as in the U.S. with regard to pursuing class-action lawsuits stemming from data breaches, this is going to change under GDPR. As demonstrated by the recent airline breach, we’re going to see more attorneys in Europe and the UK work to bring legal action against corporations that experience data breaches or violate GDPR guidelines. The impact of these lawsuits will likely be more severe and longer-lasting than any financial sanctions imposed by data protection authorities.” – Louise Rains, Managing Director, and Deana Uhl, Senior Director
Data Point Prediction No. 2: Authorities in Europe will be inundated.
“2019 will bring a tsunami of privacy complaints and requests, which will overwhelm data protection authorities in many jurisdictions. This may lead to delays in enforcement or prioritization of actions against the biggest offenders and largest corporations.” – Sonia Cheng, Managing Director
Data Point Prediction No. 3: Breach of data protection laws may be used as leverage in other matters.
“Data protection authorities now have much more power and oversight to investigate and correct issues relating to data privacy than ever before. We’re likely to see an increase in whistleblowing activity that is aimed at using GDPR violation to influence other legal matters, such as employment litigation, union negotiations, etc.” – Nina Bryant, Director
“Any organization that is involved in an ongoing dispute may find that opposing parties now have more incentive to notify authorities of potential non-compliance or GDPR infringement, to damage the organization’s reputation or otherwise weaken its position.” – Brendan Gilbert, Director
Data Point Prediction No. 4: Regulators will cooperate for GDPR enforcement.
“Early enforcement actions we’ve seen under GDPR have involved several regulatory bodies, all working together with the data protection authority to investigate claims and bring enforcement on multiple fronts. We expect to see more of this type of cooperation in the coming year.” – Brendan Gilbert, Director
“It’s very likely that regulator cooperation will happen most in industries like health care, pharma and financial services, where regulators are already extremely active. We expect to see increasing cooperation between multiple regulators, federal agencies and EU data protection authorities to investigate and enforce data privacy principles.” – Nina Bryant, Director
Data Point Prediction No. 5: Territorial scope will begin to hit home for many corporations.
“An organization does not need to have a physical presence in Europe to be impacted by the GDPR. Some companies have been reluctant to accept that they may be penalized under GDPR, relying on the fact that they are not based in Europe as justification for non-compliance. But recent sanctions against companies in Canada have demonstrated that regulators will indeed enforce their authority under territorial scope, and any corporation with a footprint in Europe, whether they are physically there or not, needs to be prepared.” – Louise Rains, Managing Director, and Deana Uhl, Senior Director
Data Point Prediction No. 6: Defensible disposal will become a priority.
“The concept of defensible data disposal will transition from a pipe dream to a reality for many organizations in the coming year. We’ll see more cross-functional teams begin to drive and effectuate disposal and data remediation programs to comply with data protection regulations and strengthen their legal posture.” – Sonia Cheng, Managing Director
Data Point Prediction No. 7: Data from wearables and smart devices will take center stage in litigation.
“There will be an uptick in legal matters that challenge privacy issues from consumer-level smart devices and wearables. While most of these challenges will occur on criminal matters where evidence is needed, we expect that civil litigators will take note and try to use information conveyed to a smart speaker or data captured on a fitness tracker as evidence in future matters. Along the same lines, we’ll also see more reliance on data captured from text messages and other mobile apps in investigations and litigation.” – Dan Roffman, Senior Managing Director
Data Point Prediction No. 8: Analytics solutions will provide greater discovery flexibility.
“Research analytics adoption will drive upstream collection and enrichment process improvements, making the data acquisition process able to provide faster access to insight. Further, analytics solutions will provide greater flexibility for incorporating data from text, chat, collaboration platforms and other short form messaging systems. We’ll see reduced focus on from which platform data originated (e.g., Slack, Bloomberg Chat, SMS, Facebook Messenger, etc.), and more on dynamic functionality for grouping, searching and analyzing cross-channel communication by the common elements of date, correspondents and content. Lastly, cloud data platforms will continue to expand access to data through APIs. Data interchange standards will provide greater opportunities for the creation of integrated discovery and compliance solutions.” – Tim Anderson, Managing Director
Data Point Prediction No. 9: AI will become business as usual.
“Automation and AI will become further standardized as part of corporate managed services and as this happens, most companies will begin to consider programs or entire departments dedicated to the implementation and control of such as standard/business as usual.” – Ryan Drimalla, Managing Director
Data Point Prediction No. 10: Blockchain will continue to raise questions.
Editor's note: Blockchain is all about trust—specifically, trust among vetted partners in business transactions. Blockchain is a type of database structure that enables identifying and tracking transactions digitally and sharing this information across a distributed network of computers, creating a trusted network. The distributed ledger technology offered by blockchain provides a transparent and secure means for tracking the ownership and transfer of assets.
“As an increasing number of enterprises look to adopt blockchain for applications spanning parts and supply tracking, data storage, cybersecurity, verifying devices, enabling secure communications and more, in-house legal teams must prepare for the data governance and compliance implications of its use. The primary concern from an IG perspective is that blockchain technology will inherently create an explosion in corporate data with no retention schedule. Counsel that begin thinking about it today will be in a much better position to build sustainable programs around blockchain data; and potentially even learn ways to leverage the technology to strengthen compliance and governance efforts.” – Saffa Sleet, Director