The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.

As the value of data continues to increase exponentially, so too do the associated risks, including risk of cyberattacks, data breaches or data-related litigation, as well as rising regulation throughout the world designed to restrict the exploitation of these assets. 

This tension between an organization’s desire to maximize the benefits derived from data collection versus mounting exploitation risks will only continue to grow in 2023.  For example, according to the International Association of Privacy Professionals, in the absence of a federal standard in the U.S., state-level momentum for comprehensive privacy bills was at an all-time high in 2022, with 29 states and the District of Columbia either introducing data privacy bills or carrying them over from last year’s sessions, and two states successfully passing comprehensive privacy legislation as discussed below.  Similarly, in Europe, new proposals for regulations designed to address data usage have started to proliferate as policymakers moved from deliberation to action.

To read the full post, please click here.

For a PDF of the full memorandum, please click here.