Organizations are gathering and using more personal information every day, and doing so in new and novel ways. At the same time, privacy laws are rapidly expanding and shifting. In some cases, like the California Consumer Privacy Act (CCPA) (Westlaw subscription required), recently amended by the California Privacy Rights Act (CPRA), it may seem like certain laws are changed annually – if not more frequently.

Even if no new privacy laws were enacted, the regulatory patchwork that exists is overwhelming. There are laws that govern entities in particular industries (health care, financial services, telecommunications, to name a few). There are laws that impact how entities can engage in particular activities (sending emails or text messages, gathering biometric information, and much more). Then there are laws aimed at protecting certain types of individuals (children or employees, for example). And in many jurisdictions, there are more general privacy laws as well.

These factors create a confusing sea of requirements which businesses must navigate. What type of personal information can be gathered? How much information? Can it be shared? Are there use restrictions? What about using passive technologies to engage in information collection and use practices?

When attempting to answer these questions, we can’t just look at one law. We usually have to look at several. Thomas on Big Data, authored by Liisa M. Thomas, provides a practical tool for managing information collection and use in the modern age. With step-by-step guidance that takes into account requirements of hundreds of privacy laws from around the globe, this is a go-to resource that fills a glaring void. In-house counsel as well as law professors have touted the book as a comprehensive resource with insights into the intersection of privacy and technology.

This blog was submitted by the author. Liisa M. Thomas is the chair of the privacy and cybersecurity team at the global law firm Sheppard Mullin Richter & Hampton LLP and an adjunct faculty member at Northwestern Law School, where she teaches courses on privacy and data security laws.