Executive Summary

Data Security and Privacy are top of mind for many businesses, and auto suppliers are no different. With continuing advances in technology such as Cloud Computing and Big Data initiatives, this area is only increasing in importance. In 2014, suppliers are wise to spend time focusing on these issues and considering the implications of their current policies and procedures. As the amount of data companies collect, store, and use continues to grow, careful examination of the issues outlined below as well as the company's particular needs can mitigate risk in this area.

1. DATA SECURITY

Auto suppliers, not unlike other businesses, maintain highly confidential and sensitive business information and personal data electronically. Businesses are networked not only internally but to outside companies through the Internet or other telecommunications connectivity. As such, auto suppliers need to have robust information security practices properly documented in information security policies. Businesses with good policies need ensure that the actual practices utilized by the organization comply with its data security policies. Failure to do so can result in an unreasonable risk of loss of company trade secrets, confidential business information, and personal information.

2. CLOUD COMPUTING

Cloud computing is the practice of using vendors to host and remotely store software applications and company data. This raises the same data security issues as discussed above, with the added complexity and risk that the company's confidential information and personal information is in the hands of its thirdparty service provider. Accordingly, companies that use cloud computing solutions must have robust vendor due diligence practices and policies, as well as effective procedures for ensuring appropriate contractual protections are obtained in agreements between the company and its cloud vendors.

3. BIG DATA INITIATIVES

Big Data is commonly understood to be the use of large amounts of data to derive value from complex data analytics — predicting outcomes and behavior based on very large volumes of data collected from various sources — very often relating to numerous data subjects. Big Data initiatives utilizing consumer data or other personally identifiable information result in unique compliance challenges. Often, the intended use of the data for Big Data purposes is different than when the data was originally collected from the consumer. This raises the issue of whether the consumer was clearly and properly notified of the intended purpose for using the personal information when it was collected. Failure to properly notify and obtain consent from consumers for use of their personal data can result in regulatory enforcement actions and private/class-action lawsuits. Accordingly, companies utilizing personally identifiable information in connection with Big Data or other data initiatives must ensure compliance with applicable data privacy laws and regulations, as well as industry guidelines and standards.

4. CROSS-BORDER TRANSFERS

Auto suppliers that receive personally identifiable information from a country located in the European Union must comply with special rules in order to lawfully receive the information. This would apply to companies in the United States with affiliates in the European Union, or companies in the United States that receive personal information from customers, suppliers, or other vendors located in the European Union. In order for the company located in the European Union to comply with applicable law, the U.S. organization must: 1) be certified under the Safe Harbor program operated by the U.S. Department of Commerce; 2) enter into model contracts that have been approved by the EU; or 3) adopt binding corporate rules that have been approved by the European Union. Failure to do so can result in the EU company being in breach of EU law, and claims being asserted against the U.S. company by its trading partner in the European Union.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.