Outlook
Looking ahead to 2009, what do the top firms see unfolding in the privacy marketplace? Several see an evolution of privacy regulations not letting up during an economic downturn.
Erin Egan, a partner at Washington-based Covington & Burling, expects that the new Congress and the Obama administration will more actively legislate and enforce consumer-privacy protection. "The increased use of 'border-free technologies and cloud computing " will also drive corporate privacy agendas, she added.
"The privacy landscape is becoming much more complex both domestically and internationally," echoed Mary Ellen Callahan, a partner at Washington-based Hogan & Hartson. Callahan points to new data-security regulations in Massachusetts and Nevada as barometers of future activity at the U.S. state level. She also sees an Obama administration potentially supporting federal privacy legislation covering all sectors. A "new data-breach notification scheme" in the EU is also a possibility, she added.
"I believe companies will be evaluating how legislative proposals in the new congress -- in areas including data security and online behavioral advertising — would impact their businesses," opined Stu Ingis, a partner at Venable and second in votes for top individual expert (see Table 3).
Milo Cividanes, also a partner at Venable, similarly sees "potential new laws and regulations initiated by the Obama administration" as a key factor in 2009.
Ed McNicholas, a partner at Washington-based Sidley Austin, agreed. "In the coming era of more self-confident governmental oversight and enforcement, the increasing need to comply with regulatory mandates -- both foreign and domestic -- will drive companies to seek outside privacy advice, the recession notwithstanding."
Brian Hengesbaugh, a partner at Baker & McKenzie and No. 6 in top-expert votes, sees companies in 2009 still absorbing their pre-existing privacy obligations.
"At the same time," Hengesbaugh added, "more companies are going to be grappling with privacy in new contexts, such as global internal investigations, e-discovery and non-U.S. breach notification."
"Health privacy promises to re-emerge as a major topic of debate," said Mary Devlin Capizzi, a partner at Washington-based Drinker Biddle & Reath.
"We may also see more breach-notification requirements that apply to medical information, the extension of HIPAA-covered entity type requirements to vendors of personal health records, and statutory penalties for failure to comply with a HIPAA business-associate agreement," she added.