Data privacy. Sounds like a good thing, but many businesses with customers or clients across the U.S. and Europe must now give the topic a lot more attention than before. In the U.S., California (see the California Consumer Privacy Act) and Massachusetts (see the Fair Information Practices Act), among others, are imposing substantial privacy obligations on entities that deal in sensitive personal information. Medical records have been subject to HIPAA protection for years, but the scope of protected information and those responsible for its protection has grown. For U.S. companies who may process personal information in (or from) Europe, the General Data Protection Regulation (GDPR) applies. This is Europe’s new data privacy and security law – – said by some to be the toughest privacy and security law in the world – – and includes hundreds of pages’ worth of new requirements for organizations around the world. Thus, increasingly, clients who previously did not think much about data privacy must now consider the effects of newly-expanded rules that could affect their communications, customer lists, marketing, websites and other data-intensive assets.