A New Treatise from Thomson Reuters by Liisa Thomas
After I finished my first treatise, Thomas on Data Breach, I knew something was missing. That volume covers what happens when a bad actor steals personal information, and security obligations companies have to protect that information. There is, however, a whole suite of requirements that apply to use of information. What information can be collected? How? What uses can be made of that information? What notice needs to be given?
Since 2014 I have been working on putting together a concise and practical response to those questions. This new book is the culmination of that work.
Federal privacy laws have been getting a lot of press recently. That seems to happen quite a bit. However, no federal law could replace the complex patchwork of US state laws that impact how a company can collect, share, store and use personal information. This book is intended to be tool not only to help companies understand the obligations that exist under these laws that are unlikely to change, but also to illustrate for regulators the existing complexity of the compliance landscape.
This book is intended for in-house counsel who support business teams who are engaged in collecting and using personal information. It is also useful for regulators who are trying to get a handle around the existing privacy regulation landscape.
Unlike most other privacy treatises, this book is divided by activity. What can we collect? How can we collect it? What notices should we give at the time of collection? My hope is that this volume can be a practical guide for in-house practitioners as they support their business teams' data collection and use activities. This book -which contains both an analysis and copies of the laws- is a unique and practical tool.
One of the common misconceptions about the field of privacy law is that there is one or two laws in this area. That couldn't be further from true. There are hundreds of privacy laws, and two of the benefits of this book are (1) not only does it categorize and analyze the requirements of these laws on an activity-by-activity basis, but (2) it also provides copies of the laws. This represents a unique tool for practitioners and regulators alike.