United States: The Bitcoin Verdict: A Conversation With Brown Rudnick Partner Matthew Richardson And Associate Morgan Jones About Data Privacy And Cybersecurity Regulation (Video)

In this episode of "The Bitcoin Verdict," host and partner Hailey Lennon welcomes partner Matthew Richardson and associate Morgan Jones, who discuss data privacy and cybersecurity regulations and how new technologies like blockchain and AI may be impacted by these regulations.

In the U.S. where rules differ from state to state, it's important to work with clients during a data incident to ensure their response follows the rules of the state(s) where their users live, Richardson said.

"If the data subjects are all in one state, it's easy, but of course that's not realistic," he said. "And we've got to deal with basically 54 regimes – that's all 50 states, the District of Columbia, Puerto Rico, Guam and the USVI," he said. "And each of them has slightly different definitions of what data is, slightly different definitions of a breach, slightly different notification requirements, slightly different time limits for those notification requirements. But mercifully, for any person that comes to us, Morgan and I do this on a daily basis, so we are perfectly capable and happy to analyze the data, analyze the breach and give a very capable and thorough understanding of what has gone on."

Jones added that it's important for companies to not sit on a breach and try to figure it out on their own, because once it's discovered, the clock starts ticking on the reporting requirements. He said some states have notification requirements that fall between the 30- and 60-day window, but there are a few where you have to notify either the regulator or the individuals within 10 days or so.

After a breach happens, it's also possible for a company to face investigations into their protocol, depending on the situation, Jones explained.

In discussing how future data privacy regulations may apply to the blockchain industry, Jones said there are some implicit contradictions between GDPR requirements of the right for data to be deleted and blockchain ledgers that are immutable. For now, Jones noted that regulators are extremely focused on artificial intelligence but may turn their attentions back to blockchain and cryptocurrency in the future.

He believes the regulations for blockchain will require a different approach than AI because of the ways the different technologies collect and use data.

"I think the general intention of the legislators right now has been turned away a bit to focus more on AI – that's the hot button topic right now – but I think they will eventually circle back to blockchain," Jones said. "I think they'll take a softer touch to it than AI because AI data is being collected and shared in many instances without the consumer knowing. Whereas blockchain you're opening yourself up to this. So I think it's going to take a bit of a lighter touch and it won't be quite so drastic when it comes to cryptocurrency."

Lennon said people who choose to buy crypto are generally very focused on the importance of data privacy, but that doesn't make it any easier to enforce those rules.

"For the crypto industry and blockchain advocates, the immutability and the decentralized aspects perhaps add to an inability to comply, but also an inability to enforce in some ways," Lennon said. "I know that privacy is important to individuals in the cryptocurrency space, there's privacy coins, there's zero-knowledge proof being integrated into some projects, maybe that, in some ways, is where the blockchain technology is headed in the future."

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.