William Long, Partner
William Long is a global co-leader of Sidley's highly ranked Privacy and Cybersecurity practice and also leads the EU data protection practice at Sidley. William advises international clients on a wide variety of GDPR, data protection, privacy, information security, social media, e-commerce and other regulatory matters.
William has been a member of the European Advisory Board of the International Association of Privacy Professionals (IAPP) and on the DataGuidance panel of data protection lawyers. He is also on the editorial board of e-Health Law & Policy and assists with dplegal (“data privacy” legal), a networking group of in-house lawyers in life sciences companies examining international data protection issues.
Representative matters have included:
William was previously in-house counsel to one of the world’s largest international financial services groups. He has been a member of a number of working groups in London and Europe looking at the EU regulation of e-commerce and data protection and spent a year at the UK’s Financial Law Panel (established by the Bank of England), as assistant to the Chief Executive working on regulatory issues with online financial services.
William is recognized in Chambers UK 2019 for Data Protection and Information Law, with sources telling the publication he brings “a broad depth of knowledge on the key areas of law,” whilst in the 2017 edition, clients cite him as “very knowledgeable, very practical and always solution-driven.” He is recognized in the LMG Life Sciences Guide 2014 for Intellectual Property and Who’s Who Legal 2017 for TMT. He has also been listed in Best Lawyers 2019 for Privacy & Data Protection Law and Who's Who Legal: Data 2019. William is recognized for both Data Protection, Privacy & Cybersecurity and Pharmaceuticals & Biotechnology in The Legal 500 UK 2017, with clients noting that his “‘forward-thinking and proactive approach keeps him ahead of the curve’” and describing his advice as “‘thorough, timely and on the leading edge.’” He is also included in the 2018 edition of Best Lawyers for Privacy & Data Protection and is listed for Data Security in Who’s Who Legal: UK Global Elite Thought Leaders 2019.
William is also the author of a new book on the EU General Data Protection Regulation and a contributor to a number of books on data protection, including leading legal text books published by BNA in the area of privacy, cloud computing and the use of health data. William has been interviewed widely for his thought leadership, including in such leading publications as the international New York Times, Financial Times and Guardian, and writes for a number of publications including Data Protection Law & Policy, Computer Weekly, Cloud Pro and CIO Today.
Develop a COVID-19 Privacy Protocol that adequately addresses what, how and when personal data should and should not be collected, used or shared, as well as the enterprise-wide security measures in place to protect the data in transit and at rest and how long such data should be retained. Revise data privacy and security policies as appropriate.
Vendors and Supply Chain: When entering into new vendor agreements or renewing existing agreements, companies should carry out appropriate due diligence and ensure that proper controls are in place to ensure protection of material or sensitive confidential information or personal data, including diligence on key vendors’ business continuity planning. As companies manage supply chain disruptions, they should focus on: (1) how to minimize the risk; (2) how to prepare for and address force majeure declarations from suppliers and customers; and (3) how to make the company fit for future supply chain disruptions.
Remote Working and Information Security: Companies should regularly communicate with their workforce about common remote-working risks to be alert for. Companies should also identify solutions to help protect against unauthorized access to systems and connections, such as company-approved secure computer software and hardware, devices, Virtual Private Networks (VPNs), email and conference lines, and secure WiFi and data storage accounts. Companies should also review and update their incident response plans as necessary to address the increased risks resulting from remote working and the potential for key stakeholders to be delayed or unresponsive during an incident.
Clinical Trials and Drug Safety: Sponsors should: (i) conduct a risk assessment, as the risks and disruptions caused by the pandemic may affect the benefit-risk ratio of a clinical trial, including as it relates to the ongoing monitoring of the trial; (ii) where required, implement amendments to the protocol to address the risks identified and mitigate their effect on patient safety and data integrity; and (iii) ensure they are familiar with the most recent guidance published at both an EU and national Member State level.
Interactions between Sales Reps and HCPs: Companies will need to assess whether the communications between Sales Reps and HCPs would fall within the scope of the e-Privacy Directive’s requirements as constituting “unsolicited electronic direct marketing” and, in turn, require consent.
From a life sciences regulatory perspective, we expect the pandemic could potentially trigger the adoption of measures authorizing some deviation from the regulatory requirements at EU and Member State level.
More generally, we think COVID-19 and, in particular, the increase in remote working will likely accelerate a previously slow shift towards a digital workplace.
However, with this come huge privacy and information security implications. In turn, companies will need to ensure that whilst embracing technology they also continue to assess and mitigate the risks to the privacy of individuals concerned.