In a special Q&A, The Recorder interviewed Manatt's Donna Wilson, co-chair of the firm's Privacy and Data Security practice, for an article on a new California law, AB 1710, that went into effect Jan. 1, setting new standards for companies with data breaches to notify their customers.
As reported by The Recorder, a flood of cyberattacks on banks and businesses are keeping data privacy attorneys busy and have also commanded the attention of state and federal lawmakers. Wilson spoke with The Recorder about the new state law and about President Obama's recent proposal for a federal counterpart. When asked what AB 1710 does, she replied:
"Generally speaking, it recognizes that there are a number of entities that these days might potentially touch the data that they're handling. ... Just as a practical matter, not everything can be done under one roof. What this statute is trying to do is to recognize that practical reality and make it express what I think most businesses' best practices are already doing-which is, regardless of whether you own or license or maintain the data, if it is personal information, you should implement and maintain reasonable security measures and practices that are appropriate to the nature of the information. Basically, prior to this time, that requirement only applied if you owned or licensed the personal information. Now the statute is saying that requirement applies also to companies that maintain it. But again, in terms of best practices, any company that's in a position to engage in the contractual handling of data will ensure that their partners are doing this anyway."
Read the article here.