News & Insights  |  Media Mentions

Related Professionals

Practice Areas


Patricia O'Connell
Senior Communications Manager

Kirk Nahra Weighs In on Cybersecurity and Privacy Policy Developments in 2019  

January 3, 2019

Kirk J. Nahra, chair of Wiley Rein’s Privacy & Cybersecurity Practice, was quoted by Law360 in an article focusing on key developments in cybersecurity and privacy policy in the coming year.

Fueled by recent developments such as the enactment of General Data Protection Regulation in the EU and the passage of the California Consumer Privacy Act, companies are rethinking the way they collect, use, and share consumer information, according to Law360.

Federal lawmakers also sought input last fall from major technology companies regarding a federal privacy standard, the article further notes.

“The major wild card that could change this would be if three to five states beyond California pass their own state privacy laws — that might ‘force’ a broader consensus as a defensive measure,” said Mr. Nahra.

“I encourage companies across the board to get involved in this debate — it is going to be extensive and loud for several years, with real ramifications for a broad range of data practices across virtually every industry,” said Mr. Nahra.

While the federal regulatory environment is expected to remain active in the privacy and data security arena this year, the role of the Federal Trade Commission (FTC) in privacy cases remains to be seen, according to Law360.

“I will be watching whether the FTC takes on any meaningful privacy case,” Mr. Nahra said. “They have built a strong history of data security cases over time ... but they haven't done as much to establish real boundary lines on privacy, beyond deception cases, he noted “Is there something on privacy that the FTC will find to be ‘unfair’?”

In the area of health privacy, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has slowed down its enforcement pace in recent years, but experts anticipate the agency will be active in health privacy enforcement actions in the coming year.

“OCR did very little for almost two years, but seems to be heating up again somewhat,” said Mr. Nahra, noting that the lull coincided with staff turnover and other factors that focused leadership attention’s elsewhere. “I hope that they will continue to be as thoughtful in their enforcement as OCR historically has been.”

The article can be found here (subscription required).