Partner Insights: Data privacy and cybersecurity with Polsinelli’s Aaron Ogunro
In today’s digital age, data privacy and cybersecurity have evolved from technical concerns to foundational elements of business integrity. As companies handle vast amounts of data, navigating these fields correctly from the start becomes essential — not only to comply with complex regulations — to establish trust and secure customer relationships. Aaron Ogunro, an attorney at Polsinelli specializing in data privacy, cybersecurity and tech transactions, sheds light on the distinctions and critical steps for businesses to ensure robust data protection.
Watch the full video below or read on for key insights.
Data Privacy vs. Cybersecurity: Why the Difference Matters
Data privacy and cybersecurity, though closely related, tackle different aspects of data management. Data privacy emphasizes the control and use of personal information, ensuring that individuals have autonomy over their data and that it’s handled in accordance with their rights. For instance, personal data rights enable individuals to control how their data is collected, shared and stored. In contrast, cybersecurity is broader, focusing on the protection of systems and networks against unauthorized access or attacks. This includes securing all types of information, not solely personal data, ensuring data integrity across systems.
Both domains intersect in one fundamental goal: safeguarding sensitive information. Ogunro emphasizes the importance of addressing these areas early, as rectifying issues post-collection can lead to complex and costly adjustments, from reconfiguring systems to potentially deleting mismanaged data.
Start with Privacy by Design
A proactive approach—integrating privacy by design—positions businesses to meet privacy requirements from the ground up. Rather than scrambling to retrofit systems, designing with privacy and security in mind from the onset can significantly reduce risks. For example, implementing data minimization practices can limit the scope of information stored, thereby reducing the impact of a potential data breach. Privacy-focused principles mean not only stronger compliance but also a better alignment with customer expectations and trust.
Jurisdictional Complexity: Navigating the Patchwork of Laws
The regulatory landscape for data privacy is vast and varies depending on jurisdiction. On the international stage, the GDPR (General Data Protection Regulation) in the European Union has set high standards for data privacy, influencing laws worldwide. In the U.S., data privacy is often addressed at both the state and industry levels. Regulations such as HIPAA govern health data, while states like California (CCPA/CPRA), Colorado and Texas have introduced comprehensive privacy laws covering a wide range of personal information.
Understanding the geographical reach of a product or service is crucial. With laws differing between countries and even states, compliance efforts must be tailored to the jurisdictional reach of each business. This often means evaluating the specific data being collected, determining applicable legal requirements and staying agile as new laws emerge.
Beyond Compliance: Managing Reputational and Financial Risks
The costs of data breaches go beyond regulatory fines. Ogunro notes that breaches can lead to both financial and reputational damage. For companies housing significant volumes of customer data, a breach can erode trust, deter future partnerships and incur hefty fines or damage awards. The implications may extend to mandatory notifications to affected individuals, regulatory bodies and sometimes even the media. Proactively securing data and maintaining robust cybersecurity protocols is not just a legal responsibility but a reputational safeguard.
Best Practices: Building Strong Cybersecurity Foundations
To mitigate risks, companies should prioritize essential cybersecurity practices. Measures like encryption, multi-factor authentication (MFA) and regular security assessments strengthen defenses against unauthorized access. Implementing data minimization further limits exposure; by only retaining necessary data, companies can reduce the potential fallout in the unfortunate event of a breach.
Fostering Trust through Transparency and Security
Ultimately, data privacy and cybersecurity impact more than just compliance—they are integral to maintaining customer confidence. Ogunro stresses the importance of having open dialogues with stakeholders to align data practices with their needs and expectations. Whether navigating international privacy laws or industry-specific regulations, businesses must understand the unique requirements of their audience and address these from day one.
As data privacy and cybersecurity become even more central to business operations, embedding them into the company culture and infrastructure from the outset can help avert complications and build enduring relationships grounded in trust and transparency.
About MATTER
At MATTER, we believe collaboration is the best way to improve healthcare. The MATTER collaborative includes more than 1,000 current and alumni startups from around the world, working together with dozens of hospitals and health systems, universities and industry-leading companies to build the future of healthcare. Together we are accelerating innovation, advancing care and improving lives. For more information, visit matter.health and follow @MATTERhealth.
About Polsinelli
Polsinelli is an Am Law 100 firm with more than 1,000 attorneys in over 20 offices nationwide. Recognized as one of the top firms for excellent client service and client relationships, Polsinelli is committed to meeting our clients’ expectations of what a law firm should be. Our attorneys provide value through practical legal counsel infused with business insight, offering comprehensive corporate, transactional, litigation and regulatory services with a focus on health care, real estate, finance, technology, private equity and life sciences. Polsinelli PC, Polsinelli LLP in California, Polsinelli PC (Inc) in Florida.