The best way to protect personal information is never to disclose it. But that’s impossible in today’s information age. We give personal information to businesses and governments in any number of transactions. Each time, we are forced to trust those who receive our information to safeguard it. Is this trust justified? Can we reasonably expect the custodians of our data to take the steps necessary to safeguard our information? Or is that hope a pipe dream?
The problem of externalities
To be sure, the U.S. is not yet like Europe, the British Commonwealth and certain countries in South America, where virtually all personally identifiable information is protected by comprehensive regulation. The statutory and regulatory environment in the U.S. is a complex, industry-specific and context-sensitive patchwork of laws. Even a corporate director’s oversight duties are breached only where there is “a sustained or systematic failure of the board” to ensure data privacy. (See In Re Caremark Int'l, )
But the lack of comprehensive regulations can lull companies into a deceptive sense of ease. For all the following reasons, legal counsel should advise companies to make the necessary investment to ensure data privacy: