In an article by Business of Fashion, Fashion Law Institute Director Susan Scafidi shares her insight on the intersection between cyber security and fashion law.
Arguably, it has never been more urgent for fashion leaders to build resilience against cyber attacks. Cyber crime is becoming increasingly common and sophisticated, and consumers are shopping online more frequently and enthusiastically, giving businesses access to valuable data in the process. The concurrent growth of both activities leaves companies increasingly vulnerable to risks associated with data security and — ultimately — with company reputation.
In the US, one example of increased legislation is the California Consumer Privacy Act (CCPA) which took effect in July 2021. It gives consumers the right to know what personal data a company has access to and who it is shared with. In Brazil, the Lei Geral de Proteção de Dados (LGPD) came into force in 2021. The law imposes penalties of up to 2 percent of annual revenues on companies that fail to protect customer data. Meanwhile, China’s new data security law which came into effect in November 2021 will regulate how companies collect and handle personal data. It also aims to ensure data is protected when transferred outside the country.
“There’s a great deal of confusion, because there are so many standards out there [across different jurisdictions]… as well as a desire to — if we can — get global harmonisation, or at least within the US have a federal standard that supersedes state standards,” said Susan Scafidi, founder and academic director of the Fashion Law Institute at Fordham Law School in New York. “Hanging over all of this is this question of who owns our personal data, and who has the right to exploit it, and how.”