2015: A Critical Year for Information Technology & Communications (“IT/C”)
IT/C issues will capture an extraordinary amount of attention from global business and compliance leaders in 2015. We see this trajectory developing as a result of the confluence of several factors, including (i) global business imperatives for technology solutions, (ii) the organizational risks associated with information technology and data, and (iii) the ever expanding and changing landscape of global IT/C regulations.
(i) Business imperatives for technology solutions. Business imperatives will continue to turn to IT/C solutions across healthcare, financial services, consumer, and other industry sectors. Among other competitive benefits, IT/C solutions provide opportunities for organizations to enhance the efficiency of business processes, to capitalize on new sources of revenue, and to establish new products, services, and business models. By way of example, the Internet of Things ("IoT") is enabling product manufacturers and others to offer new services and achieve unprecedented access to end user relationships. Cloud computing offers cost savings, scalability, and flexibility across all aspects of enterprise computing, including IT/C services as well as business process outsourcing through Software as a Service ("SaaS") and other models. Mobile applications, location data, social media, cookies/tracking technologies, and other sources of information will facilitate "big data" analysis, including precise targeted marketing and new business models that involve monetization and efficient leveraging of data. And various other technology developments, such as driverless cars, appear poised to effectuate change across various industries and sectors.
(ii) Organizational risks with information technology and data. Despite the manifold benefits and the unstoppable momentum toward more information technology solutions and innovations, the organizational risks associated with these benefits have never been more acute. We enter 2015 with unprecedented cyber security risks. Companies in recent years have already faced challenges protecting against cyber attackers that seek government identifiers, credit card numbers, intellectual property, or other data for financial gain or for purposes of effectuating other goals such as embarrassing the company. Now, it is clear that such attacks can also be carried out on a broad scale in a manner that is calculated to cause widespread data and system destruction. Companies must therefore update their risk assessments and preparations to include scenarios where attacks not only take data, but also effectuate business disruption via damage to the company’s Internet sites and computer systems, as well as relationships with business partners and others.
Companies should not underestimate the demands that these expanded cyber threats place on their information security programs and defenses, as well as their overall information governance structure across privacy and data protection, regulatory compliance, record retention, and record destruction policies and procedures. In addition, companies should take into account their extended enterprise and
third party relationships. Perhaps most notably, cloud computing opens tremendous opportunities with third party relationships, but as highlighted in our recent Baker & McKenzie’s Global Cloud Computing Survey, privacy, security, and regulatory issues are top of mind for customers and providers of cloud services.
(iii) Changing and expanding global IT/C regulations. Against the backdrop of business imperatives and organizational risks, organizations must also face a changing and expanding array of IT/C regulations and enforcement activities. Some of the regulatory initiatives may ultimately be helpful for global business if done properly, such as proposals in the US that could promote better cybersecurity information sharing between the private sector and government, or establish federal breach notification standards with pre-emption of the myriad of state breach notice laws. Others could have unintended consequences that materially slow the growth and development of the Internet economy if not properly considered, such as proposals in the US to establish a comprehensive privacy bill of rights. In Europe, critical decisions will be faced this year as efforts are made to seek the adoption of a rigorous EC Data Protection Regulation to replace the member state laws based on the 1995 data protection directive. In other regions and territories, including the Asia-Pacific region and Latin America, there is a rapid expansion of regulations on privacy, security, telecommunications, and other issues affecting IT/C.
What's inside of LegalBytes. In this edition of LegalBytes, among other developments, you'll see updates from all corners of the world where Baker & McKenzie has IT/C attorneys. Canada's Anti-Spam Legislation ("CASL") now includes a "spyware" provision that can sweep as broadly as cookies and other commonly used technologies. France is adopting new guidelines on mobile apps and employee monitoring in internal investigations. Australia and Spain are adopting new rules affecting copyright protection. Hong Kong is urging financial institutions to protect against expanded cyber-security threats. And, Argentina, Australia, and Canada are updating telecommunications regulations.
We hope that you enjoy this January 2015 edition of LegalBytes. We welcome your feedback or suggestions. As always, if you have questions, you should reach out to the Baker & McKenzie IT/C attorney(s) who drafted the article at issue, or your usual Baker & McKenzie contact. We look forward to continued discussions and dialogue with you as this important year for IT/C progresses.
Baker & McKenzie, Chicago +1 312 861 3077