The third panel of the day, “Playing Defense: Sports Data Privacy and Cybersecurity,” offered a unique look into the ever-growing data privacy sector of sports law. The panel was moderated by Robert Boland, Sports Law Professor at Seton Hall. Professor Boland was joined by esteemed panelists: Wendy Li (Vice President & Senior Counsel for BSE Global), Leslie Shanklin (Partner & Co-Head of Privacy and Cybersecurity for Proskauer Rose), Thomas Cioce (Senior Counsel & Head of Privacy for the NFL), and Stephanie Weissenburger (Counsel, Business, and Legal Affairs for MLB Network).
Professor Boland opened the conversation with a general discussion of data privacy. All the panelists agreed on the importance of data privacy, as it becomes more extensive and digital. Panelists emphasized how in sports, business is built on data, whether that be data be on players, fans, or marketing, it’s essential. Ms. Shanklin called data “the currency of the sports industry.”
The conversation then turned to the law regarding data privacy. The panelists touched on different states having different statutes on data privacy, some states with little to none at all. This is important because data isn’t collected locally, it’s collected on a national level. Mr. Cioce discussed this topic in depth, from a business giant such as the NFL’s point of view. He explained how data is managed nationally, and many sports-based businesses are racing to regulation and trying to maintain compliance with data reaching and being received from across the country. Because of this, businesses cannot just remove information from a “soup” of data and pick who to share what with. Mr. Cioce also says that some businesses are moving away from chasing regulations and trying to set industry wide standards instead. Because, data ethics is not just about compliance, but also being as transparent as possible. Ms. Shanklin agreed with Mr. Cioce and looked at data privacy from a more global view. Tracking technology is sophisticated and can become tricky. So to manage tracking technology, she advised that it is important to think globally, since that’s how data is received and collected.
When Professor Boland inquired how often the panelists deal with data privacy, they all agreed it was every day. Ms. Weissenburger talked about dealing with data privacy in regard to contracts and deals; who’s accessing the MLB Network’s data, and what they’re accessing. She emphasized authorizing data on a “need to know” basis, internally and externally. This is because, the more people with access to data, the higher chance of a breach or intrusion. Ms. Li spoke on how she didn’t deal with data privacy beginning at BSE. However, a change of leadership led to a focus on data privacy being brought to the forefront to ensure BSE was dealing with it properly. Ms. Shanklin expanded on how the life of data is constantly ﬂowing, the structure of organizations are everchanging, and the complications of dealing with data in that regard.
Next, the conversation led to the value of data breaches and risks. Panelists agreed, it’s expensive. Ms. Shanklin discussed this in detail, highlighting that lots of money goes into data privacy. According to Shanklin, just managing a breach is expensive. It involves notiﬁcation costs, investigators, public relations responses, and even litigation if applicable. Clearly, data breaches have a massive effect, and the risk is so big it becomes a focus for businesses to manage. Ms. Weissenburger was in accord with the monetary value dialogue of data breaches, but she also stressed the reputation risks associated with data privacy. Data breaches don’t reﬂect well on a business’ reputation, and it can make partners and those who work with the business apprehensive towards them.
Professor Boland wrapped the conversation asking the panelists for any advice for law students that they wish they had when in law school, speciﬁcally relating to data privacy. Ms. Weissenburger offered students the advice of taking a data privacy course if they can, and getting familiar with the concept, since it’s only going to grow. Mr. Cioce added to that, even if you’re not interested in data privacy, it’s still a good idea to learn about it, because it’s likely one will be dealing with it as a lawyer in some capacity. Ms. Li offered insights on how sometimes, people just expect lawyers to know data privacy, and it’s fantastic when you do know. She has a small legal team at BSE, and although there is a data privacy group within the organization, it’s important to at least know the basics of, and be able to understand, data privacy.
Finally, Ms. Shanklin advised students that it might not seem like much at ﬁrst glance, but the data privacy sector has allowed her to be at the table for captivating discussions. She also adds that a lawyer having legal expertise and technological expertise offers them a chance to shine in whatever area they decide to practice.
The panel of data privacy and cybersecurity within the sports industry was a phenomenal one. The highly regarded panelists offered invaluable insights into data privacy and how much it grows and changes every day. Data is collected and managed by lawyers on a national, and sometimes global level, and the amount of data collected is extensive. Data breaches can also be ﬁnancially taxing and reﬂect poorly on a company’s reputation. Because of all of this, it’s essential for lawyers working within the sports industry (and even those who are not), to familiarize themselves with the concept, so they can approach it from a knowledgeable standpoint when faced with it in their legal ﬁeld.
BESLS, IPLA, and everyone in attendance would like to thank the panelists and the moderator for an interesting and timely conversation!