Throughout the world on Friday, January 28, privacy and cybersecurity professionals, scholars, and enthusiasts will celebrate another Data Privacy Day. While Data Privacy Day began in the United States and Canada in January 2008, it was an extension of the Data Protection Day celebration in Europe, which commemorates the January 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. 

There are many privacy and cybersecurity events this week and throughout the month of January that focus on the ways consumers can become more aware of potential threats to the privacy of their personal information.  However, Data Privacy Day also serves as a convenient annual reminder for businesses large and small to check in on their privacy and cybersecurity compliance requirements, planning and strategies.

Some key steps to take this Data Privacy Day:

• Review Current Practices. Companies should review their data collection practices and associated privacy notices and policies at a minimum. Notices, policies and procedures should also be updated anytime there is a change in your privacy practices.
• Plan for Compliance with New US Laws. If you have not already done so, assess and plan for the implementation of new US privacy and cybersecurity regulatory requirements throughout 2022.  While the California Privacy Rights Act, Colorado Privacy Act and Virginia Consumer Data Protection Act do not become effective until 2023, planning for these new laws should start now especially for larger businesses that may need to assess the applicability of all three to their business.
• Update Your Contracts. The new US laws include specific language to be included in third party contracts. In the EU, UK and Switzerland, companies that rely on the Standard Contractual Clauses (SCCs) to transfer data should also be updating their practices and contractual agreements as the old SCCs become ineffective at the end of this year.
• Update Your Training. With the new laws and increasing risks related data protection, including the risks of regulatory enforcements for non-compliance, Companies should be working to ensure that their employees and vendors are educated about those risks and how the company is complying with the laws.

The Paul Hastings Privacy and Cybersecurity Practice celebrates Data Privacy Day and strong data protection practices every day. We look forward to continuing to meet the privacy and cybersecurity challenges of our clients throughout the coming year.