A panel on legal reform in the area of privacy and data security at this week’s IAPP Summit provided an opportunity for a discussion between businesses and regulators, as well as for the launch of a white paper on the activities of the plaintiffs’ bar in this area that Reed Smith prepared for the U.S. Chamber Institute for Legal Reform (ILR).

The panel, “Lessons in Liability: The US Privacy Landscape and Proposals for Reform,” featured Tanya Madison, Chief Privacy Counsel at TD Bank; Howard Beales, Professor of Strategic Management and Public Policy at the George Washington School of Business, and former Director of the Bureau of Consumer Protection at the Federal Trade Commission; and Oriana Senatore, Vice President of Policy & Research at the U.S. Chamber of Commerce Institute for Legal Reform.

The International Association of Privacy Professionals Global Privacy Summit is taking place in Washington this week.

The panelists explored how the current data privacy and security regime is ripe for reform, as businesses face challenges, from indefatigable plaintiffs’ attorneys, to the conflicting patchwork of state breach laws, and all the state and federal regulators in between. Reforms that were discussed included a national data breach law that would preempt those of the states; harmonization of state laws so that businesses would not be expected to comply with more than 50 differing standards; clarifying the meaning of harm; and performing better analyses of the risk of harm to consumers.

Senatore discussed the white paper, “Engineered Liability: The Plaintiffs’ Bar’s Campaign to Expand Data Privacy and Security Litigation.” The white paper explores the growth of litigation in this area, including the inventive tactics and legal theories that plaintiffs are using to target companies. Reed Smith researched and wrote the paper on ILR’s behalf.

The panelists also explored the importance of considering consumer perceptions of harm and culpability. A recent ILR national poll found that there is broad, bipartisan consensus among consumers for legal reform efforts in this area. For example, only one in five consumers polled believed that a company should be sued if it took prudent measures following a data breach. More than three in five supported a proposal for a more stringent definition of “harm” in data breach cases.

Beales spoke from his position as a former regulator at the FTC to describe how the Commission’s interpretation of harm has evolved over the years, particularly in recent cases that seem to impose strict liability on companies following data breaches. Madison spoke as in house privacy counsel for TD Bank about the significant compliance burden that businesses face, as well as the pressure from plaintiffs and constantly evolving technology.