Hogan Lovells Partner Testifies in US House of Representatives on Cybersecurity and Privacy

The relationship between cybersecurity and privacy is complex. On the one hand, cybersecurity that protects data from intrusion, theft, and misuse obviously is a significant privacy safeguard. On the other hand, cybersecurity measures that monitor access and use can implicate the collection of personal information (or data that can be linked to individuals), and thus raises privacy concerns.

Pearson first outlined several cybersecurity-related measures that may require access to personal information, and thus potentially implicate privacy concerns:

• Network and system monitoring
• Background checks
• "Bring Your Own Device" (BYOD) policies
• Supply chain and vendor security measures
• Information sharing with third parties and government agencies

Noting the vital importance of the private sector's taking measures to protect critical operations and data against increasingly well-documented attacks by criminals and spies, Pearson offered her views on steps business and government can take to integrate privacy into enhanced cybersecurity: First, personal data collection, usage, retention, and sharing should be thoughtfully limited. Second, organizations should be appropriately transparent as to the cybersecurity measures in use. Third, government and business should be supportive of voluntary codes of conduct for the privacy-sensitive deployment of cybersecurity measures and programs. Finally, Congress should clarify the expectations and protections for privacy when businesses share information for cybersecurity purposes.

Pearson's statement is available here.