May 42021

Using Data De-Identification to Protect Companies

Michele L. Aronson, Robert D. Keeling and Ray Mangum
, , , , ,

Many companies hope to benefit from amassing large amounts of data by mining it for market insights, creating internal business models, and supporting strategic, data-driven decisions. But as companies collect and store increasingly enormous volumes of data, they may unknowingly take on significant legal risks, including potential violations of data privacy laws and increased exposure to U.S. litigation discovery obligations. One way that businesses can mitigate these risks is to de-identify the data they collect and store.

Done properly, data de-identification can minimize risks to privacy interests—e.g., in the event of a data breach— and can help ensure that companies comply with many privacy laws. It can also reduce the likelihood that a company will need to collect, review, and produce such data in discovery as part of litigation or a government investigation.

This remains an emerging area, however, with no bright-line rules. Consequently, it is important for companies to understand how de-identification changes data and what those changes may mean in the context of a party’s discovery obligations.

This article offers several guiding principles to assist companies in developing data de-identification practices that will reduce the risks associated with large-scale compilations of data.

VIEW ARTICLE

This article originally appeared in Bloomberg Law.

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.

Michele L. Aronson

Washington, D.C.

maronson@sidley.com

Robert D. Keeling

Washington, D.C.

rkeeling@sidley.com

Ray Mangum

Washington, D.C.

rmangum@sidley.com

You might also like
Regulatory Update: National Association of Insurance Commissioners Spring 2024 National Meeting

The National Association of Insurance Commissioners (NAIC) held its Spring 2024 National Meeting (Spring Meeting) March 15 through 18, 2024. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Spring Meeting. Highlights include proposed updates to the regulatory review process for affiliated investment management agreements, continued discussion of considerations related to private equity ownership of insurers, and continued development of accounting principles and investment limitations related to certain types of bonds and structured securities.

District Court Finds Communications Decency Act Provides Automotive Device Manufacturer Immunity for Clean Air Act Violations

On March 28, 2024, in US v. EZ Lynk, the U.S. District Court for the Southern District of New York dismissed the Department of Justice’s (DOJ) claim that an automotive device manufacturer violated Section 203 of the Clean Air Act (CAA), holding that Section 230 of the Communications Decency Act (CDA) provided complete immunity from CAA liability for the sale of certain aftermarket automotive devices. This decision of first impression offers an important precedent in the automotive industry and beyond. The decision gives effect to the CDA as drafted and will make it significantly harder for the government to hold manufacturers and online retailers liable for content, including software, created and sold by third parties.

Cybersecurity Takeaways From White House Tech Report

On Feb. 26, the White House’s Office of the National Cyber Director (ONCD), released a report on how technology manufacturers and software developers can improve the cybersecurity posture of the U.S. This report, “Back to the Building Blocks: A Path Toward Secure and Measurable Software,” aligns with the Biden administration’s current, intense focus on combatting ever-increasing cyberthreats through software development and software manufacturer accountability. In this article, published by Law360 on March 26, Sidley lawyers Alan Charles Raul, Stephen McInerney and Vishnu Tirumala discuss the ONCD report and provide key take-aways for software developers and manufacturers, their senior management, and boards.