1. More Privacy Laws Are Coming

 In November of 2020, California voters approved updates to the California Consumer Privacy Act (CCPA). These updates, entitled “California Privacy Rights and Enforcement Act (CPRA),” strengthened the CCPA and will go into effect on January 1, 2023. The CPRA has positioned California’s privacy protections at the forefront of states’ efforts to protect the data of individuals, aligning themselves with the European Union’s General Data Protection Regulation (GDPR).[i]

As we move into 2021, more than two dozen states have passed legislation, or are considering bills that would establish privacy protections.[ii]

Business owners should prepare for similar legislation to be enacted by other state legislatures and countries by understanding the steps they will need to take to comply with the laws.

  1. Collecting Less Data 

Historically, businesses have primarily collected and stored data to build their brand and enhance their marketing. In addition, this stored data helps protect the future of the company as well. [iii] As this stored data can have substantial value, a hacker attack occurs every 39 seconds, and 45% of Americans have had their personal information compromised by data breaches over the last five years.[iv] As a result of these data breaches, companies can face potentially massive liability for unprotected data.[v]

To manage this liability risk, businesses should assess all implemented procedures currently used to collect data of both their employees and customers, and question whether that data should continue to be collected and, if so, should it be retained.

  1. Increased Interest in User Data Privacy

According to Forbes, 92% of Americans are concerned about their privacy when they use the Internet. [vi]

Because of the sensitivity of consumer data many states and the federal government have implemented requirements that companies have detailed and current Privacy Policies on their websites.[vii] Not only do Privacy Policies satisfy governmental requirements, having a detailed and updated Privacy Policy on your website shows consumers that they can trust your business with their sensitive data and that you will take care of their personal information.[viii]

A Privacy Policy should accurately showcase how your business handles collected consumer information and should be updated regularly (e.g., after a data breach occurs or following changes in the law).

  1. Ransomware is on the Rise

As a result of the Coronavirus pandemic and the transition to a remote workplace, ransomware attacks boomed in 2020.[ix]

Ransomware is a form of malware that encrypts files. Once installed, the attacker will then demand a “ransom” to restore access to the data. These ransom costs can range from a few hundred dollars to thousands.[x]

While cyber-attacks such as ransomware may feel unavoidable, there are measures your business can take to protect your files:

  • Keep software and operating systems updated.
  • Avoid clicking links or opening attachments from unsolicited emails, such as the example below.

Email Scam Example

  • Back up data on a regular basis.[xi]
  1. Increased Importance of Insurance and Contingency Planning

With Ransomware and other cyber-attacks becoming more common, particularly attacks against small business, it is important for businesses to have a plan to repair and restore a network in the event of an attack.[xii]

A well thought out contingency plan will help guide your business decisions during a digital attack. Turning to data security experts to assist in the development and implementation of a data security plan is critical. Equally critical is educating and training your employees to spot potential cyber threats and continue to follow the data security plan previously implemented.[xiii]

Practices to include in your contingency plan include:

  • Developing a chain of command so employees know where to report an incident.
  • Keeping a backup of important data. This way if you fall victim to a cyber-attack, your operations are not at a standstill.
  • Assigning an executive or leader to oversee the response plan.

Read more about the firm’s Internet Privacy and Use Policies Practice here.


[i]  Rob Lemos, What your data security team can expect in 2021: 5 key trends, TechBeacon Data Security (December 22, 2020), https://techbeacon.com/security/what-your-data-security-team-can-expect-2021-5-key-trends.

[ii]  Id.

[iii]  Id.

[iv]  Blake Morgan, 50 Stats Showing Why Companies Need to Prioritize Consumer Privacy, Forbes (June 22, 2020), https://techbeacon.com/security/what-your-data-security-team-can-expect-2021-5-key-trends.

[v]  Id.

[vi]  Id.

[vii] Lemos, supra note 1.

[viii]  Shannon Flynn, 5 Data Privacy Predictions for 2021, Data Science Blog (September 22, 2020), https://data-science-blog.com/blog/2020/09/22/5-data-privacy-predictions-for-2021/

[ix]  Lemos, supra note 1.

[x]  Cybersecurity & Infrastructure Security Agency, Ransomware Guidance and Resources (January 2021), https://www.cisa.gov/ransomware.

[xi]  Id.

[xii]  CyberPolicy, How to Develop a Cybersecurity Contingency Plan ASAP, (accessed: January 25, 2021), https://www.cyberpolicy.com/cybersecurity-education/how-to-develop-a-cybersecurity-contingency-plan-asap

[xiii]  Id.