As we’re all aware, privacy laws are in effect all over the world and new ones are sprouting up every year. Not only can non-compliance with privacy laws mean hefty fines, a damaged reputation, or both, but the sectoral nature of the legal privacy framework makes it difficult to quickly identify all applicable laws. This has caused individuals and companies alike to take quick action to comply.
When creating a sizeable, wide-reaching privacy compliance program, a smart way to begin is to use an existing framework rather than choosing to reinvent the wheel.
With this in mind, the Consumer Privacy and Data Analytics Subcommittee of the American Bar Association’s (ABA) Cyberspace Law Committee created the Global Privacy Checklist for the business lawyer.
This checklist was created in an effort to help those lawyers who may not be as familiar with privacy law navigate the complexities of global privacy legislation. It is a guide to privacy law from jurisdictions all around the world.
This Subcommittee assembled an international group of privacy experts to contribute, including two of us from the Access team (I, Brent Martindale, Esq., contributed to the Australian section, and John Isaza, Esq., co-chairs the subcommittee and served as co-editor). We sought to find and highlight the most important privacy rules across the globe and included them in this practical and convenient guide.
This Checklist is a great starting point for any lawyer who counsels clients on complying with privacy laws, as well as for in-house legal departments as they lead their organizations’ privacy efforts. It serves as a pointer to laws in the U.S., Australia, Canada, and the member states of the European Union, as well as to the European Union’s General Data Protection Regulation (GDPR).
The Checklist was built using an Excel spreadsheet and is organized in a user-friendly “if-then” framework. As an example, the U.S. Federal tab includes the “if” statement: If “You collect and use email addresses for commercial purposes.” The “then” statement points the user to the relevant legal rules: “Then consider the applicability of” the “Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM): 15 U.S.C. §§ 7701-7713.” What follows is a summary of the rules that must be followed to comply with the CAN-SPAM Act.
This “if-then” checklist approach to privacy is a quick and ready tool that lawyers can use to aid them in their understanding and counsel to clients. Given the dynamic nature of privacy regulations, this Checklist does not include proposed legislation, but rather only references enacted and enforceable laws. The Subcommittee hopes to update the Checklist annually to include new rules in the ever-changing privacy landscape.
Currently, only American Bar Association (ABA) members can access the 2021 version of the checklist here, but for non-members, Access offers many other resources that may help you in your privacy law education journey. For example, a recent blog by Brenda Barnhill highlights 10 ways to continually improve privacy compliance, and many other helpful articles on the topic can be found here.
To learn specifically how Access can help your team better manage privacy compliance, check out our eBook: Data Privacy for the Information Management Professional.