Lawsuits, Class Actions Are 'Real Cost' of Ignoring Data Privacy, Lawyer Says
While companies often understand they risk incurring regulatory fines when they ignore data privacy, many underestimate the real cost of this approach, which includes the potential for lawsuits and class actions, said Bricker Graydon lawyer Nancy Magoteaux in a blog post Tuesday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
"Data privacy laws have teeth," she said. Not only do they carry significant penalties, but "in many jurisdictions, individuals have a private right of action, allowing them to sue companies directly over privacy violations," with some resulting in "multi-million-dollar settlements, even when the violations were unintentional."
Despite the rise in data privacy regulations in an increasingly data-driven world, "many organizations remain hesitant to invest in comprehensive compliance programs," the lawyer said. No matter if it's because of "budget constraints, perceived complexity, or an underestimation of risk, this reluctance can expose businesses to serious legal and financial consequences."
Small to mid-sized businesses often fall short on compliance, partially due to the incorrect assumption that the laws are focused on tech giants, said Magoteaux: This is a "dangerous" mindset.
Companies sometimes consider compliance "cumbersome" or "costly," which is another risky attitude, she said. "Compliance is no longer a luxury; it’s a necessity and establishing a comprehensive program does not have to be overly expensive or disruptive." Conducting data mapping audits, updating privacy policies and cookie banners and training employees to handle data properly are good ways to start, Magoteaux said.
"Creating a data privacy compliance program is like installing a lock on your digital front door" to keep "the bad guys, regulators, and testers away," added the attorney. "It’s your first line of defense against legal trouble, and steps, even small ones, toward compliance can go a long way."