76 | Privacy Governance v. Cybersecurity Governance

This week, Jerry and Jody are joined by leading consumer advocate, India McKinney, to hear her views on the prospects for national privacy legislation and explore the increasingly important voice that consumers and their advocates have in shaping the debate about the content of legislation at both the state and federal levels. Among the issues discussed are whether a federal law should preempt state privacy enactments and the role that India believes private rights of action must play in the enforcement privacy laws as a supplement to the resources that state and federal authorities are able to assign. On the question of whether a national privacy law should cover industries like financial services and health, which already have long-standing privacy regimes, India expresses reservations, citing the difficulty of implementing new legislation that disrupts long standing, industry specific privacy regulation. India McKinney is Director of Federal Affairs for the Electronic Frontier Foundation based in San Francisco. Prior to joining EFF, India spent 10 years in Washington as a staffer for three members of Congress from California. Her passion has always been good public policy and she is excited to be using her skills in advocating for privacy rights for consumers. ***** Contact us: Jerry Buckley | jbuckley@buckleyfirm.com Jody Westby | westby@globalcyberrisk.com ADCG | info@adcg.org

24 Helmi 202134min

This week, hosts Jody Westby and Jerry Buckley explore the nexus between privacy and cybersecurity and how these issues may play into the national legislative response to privacy and data protection challenges. Privacy and cybersecurity are often referenced as separate issues, yet both are part of the data protection ecosystem and both may need to be the subject of legislative and regulatory focus at the national level. ***** Contact us: Jerry Buckley | jbuckley@buckleyfirm.com Jody Westby | westby@globalcyberrisk.com ADCG | info@adcg.org

17 Helmi 202131min

On this episode, we are joined by David Cotney, Senior Advisor at FS Vector and former Massachusetts Banking Commissioner, who shares some ideas about how the Federal Financial Institutions Examination Council (FFIEC) could play a role in shaping national privacy policy by publishing privacy guidance for banks similar to the FFIEC's Cybersecurity Guidance. He also reflects on how a compromise on the tricky issue of preemption in privacy legislation might be achieved by looking to experience with the Fair Credit Reporting Act. Cotney, who currently advises fintech companies and other financial services providers, has held leadership positions in the world of financial regulation, serving as Massachusetts Banking Commissioner, Chairman of the Conference of State Bank Supervisors, and as a participant in the FFIEC. This week, we also discuss his thoughts on how to assign responsibility for privacy regulation among various federal agencies that each have some claim on jurisdiction, particularly referencing the appropriate responsibilities of bank regulators.

10 Helmi 202138min

Jamie Danker had a distinguished privacy career in government both at GAO and DHS before moving to the private sector. In this episode, she makes connections between privacy laws and rules of conduct that bind the federal government and expectations for private companies. The federal government has had a privacy law since 1974 and the E-Government Act has required privacy impact assessments since its enactment in 2002.  Federal government agencies are bound by statute to treat information obtained from or related to private citizens with care and not to accumulate information that is not needed to perform a governmental function.

3 Helmi 202137min

We're joined again by Georgia Tech Professor and Alston & Bird LLP Senior Counsel Peter Swire to discuss the implications of the Schrems II decision by the Court of Justice of the European Union (CJEU) and its interpretation and implementation by the European Data Protection Board (EDPB). Prof. Swire talks about the potential consequences of the CJEU’s opinion and the strict interpretation by the EDPB in its draft guidance. One such consequence could be data localization in Europe and elsewhere and negative implications for commerce. Prof. Swire, who serves on the board of the Cross-Border Data Forum, notes the need to resolve the issue of U.S. government surveillance and access to personal data of persons covered by the EU’s GDPR. We also go over the importance of enactment of a U.S. national data protection law to give U.S. negotiators more credibility with their counterparts in the EU and more confidence in the importance the U.S places on individual privacy, and cover Prof. Swire’s comprehensive testimony on these issues before the Senate Commerce Committee in December 2020.

27 Tammi 202138min

This week, Jerry and Jody are joined by Jill Reber, General Manager – Data Privacy at Logic20/20, who discusses the strategies companies are adopting as they seek to operationalize data protection in a rapidly changing environment. Reber notes how compliance challenges have ramped up as multiple jurisdictions, domestically and internationally, are putting in place varying requirements and outlines the merits of having national privacy legislation. She also talks about the efforts companies are undertaking to help each other in navigating the privacy and cyber-risk terrain.

20 Tammi 202139min

In this episode, Jerry and Jody are joined by Michael Copps, former Commissioner and Acting Chairman of the FCC, who now serves as Special Advisor on Media and Democracy Reform at Common Cause. Copps has called on the new Biden administration to establish a Presidential Commission on the Future of the Internet. He contrasts the regulation of the broadcast industry in the public interest with the relatively hands-off treatment of internet commerce and cites privacy, disinformation, and antitrust concerns, as well as the impact of social media giants on local news outlets, as reasons why a comprehensive policy review is in order. At the same time, Copps says that the new Congress need not wait for the Commission report to start to deal with issues that can be addressed.

13 Tammi 202129min

In this week's episode, Jody and Jerry are joined by Georgia Tech Scheller College of Business professor Peter Swire, who explains issues and obstacles regarding federal preemption of state privacy laws and discusses a potential approach to a federal privacy law.

6 Tammi 202132min