Future-Proofing Your Client's Enterprise: An Analysis of the GDPR & the California Consumer Privacy Act

Data privacy and data protection are legal concepts that are increasingly driving enterprise decision-making. Today’s business lawyer is faced with a daunting landscape of laws and technology that require a skill-set that goes beyond interpreting statutes and case law.

In this course, we will analyze the chief differences between the European Union’s General Data Protection Regulation (“GDPR”) and California’s pending California Consumer Protection Act (“CCPA”).  Our goal is to provide the business attorney, regardless of jurisdiction, the understanding of fundamental definitions that ultimately drive the differences in the two respective sets of laws.

With that understanding, we will also discuss recent changes that affect lawyer’s professional responsibility obligations and how all these different ethical, legal, and business landscapes require an enhanced set of “data sense-making” skills for today’s attorney.

Learning Objectives:

1. Identify the fundamental themes that drive both the GDPR and CCPA and how those themes will affect which kinds of clients
2. Discover the ethical tie-in for attorneys for privacy and data protection contained in the Model Rules of Professional Conduct Rule 1.1
3. Discuss the distinctions between the data breach response approach to “Personally Identifiable Information,” the GDPR’s definition of “Personal Data,” and, finally, California’s new and broad definition of “Personal Information”
4. Practical suggestions to avoid fear-based conversations and information overload when presenting these planning scenarios with your clients in advance of the CCPA and potential federal privacy law