Richard Thomas (RT): Lisa, congratulations on the publication of the new treatise.  I’m sure the Privacy team has been waiting for its release.  Could you give us some background on what prompted you and the team to write the Privacy and Data Security Law Deskbook?

Lisa Sotto (LS): Thanks, Richard.  Privacy and information security are topics that have received significant attention during the last few years.  Organizations that manage personal information are under the microscope and are struggling to keep up with the many new and evolving legal requirements around the world.  In addition, there is a real uptick in enforcement actions for privacy and data security incidents.  As the former Information Commissioner of the UK, I’m sure you would agree that privacy is an issue on which nearly every global company must focus.  In 2009 alone, companies spent an average of $6.6 million to rebuild their brand image and retain customers after being involved in some type of data breach the previous year.

RT: $6.6 million!  That’s quite an investment.

LS: Yes, an investment that could have been better directed considering the current economic crisis.  So many of these incidents could have been prevented.  That’s why our treatise is important.  It provides thorough, practical and sector-specific guidance that will help organizations avoid these types of events.

RT: Why do you believe there are so many privacy and data security incidents?

LS: Honestly, I think there are a number of companies that still are not spending the types of resources necessary to fully understand their legal and practical obligations in this area.

RT: What information do you provide in your treatise to help companies better understand the rules?

LS: Not only is the book thorough, but it’s also filled with sample documents, checklists and other compliance-enabling tools.  With these resources, readers are better able to navigate the complex maze of U.S. privacy law, understand breach notification requirements, comply with global data protection requirements, and keep current with emerging legal trends.

RT: Can you tell me some of the areas covered by the book?

LS: There are chapters on financial privacy, social networking, privacy torts, surveillance, health information (more specifically, HIPAA compliance), privacy in the workplace and cyber terrorism to name a few.

RT: Is there information in the treatise that you think would be specifically helpful to me considering I’m in London?

LS: Yes, we have included information on international privacy and data protection laws as well.

RT: Who should be reading this deskbook?  Does the book target a specific audience?

LS: The treatise targets privacy officers and attorneys involved in managing global privacy and data security issues.

RT: How can I get a copy of the treatise?

LS: You can order a copy online at or by calling toll-free to 1-800-638-8437.  We also have a link to order the book on our blog at

RT: Lisa, it has been a pleasure.  All the best with your new project.  I’m optimistic that total dollars spent to rebuilt brand image in 2010 will be significantly decreased once companies get a hold of your treatise.

LS: Thanks, Richard, that’s my goal!