The Scariest Data Breach So Far This Year

I could do a blog exclusively on data breaches because they happen so frequently that I’d never run out of material. Eight hours ago, the Supreme Court of India’s website was hacked, apparently by “HighTech Brazil Hackteam.” I imagine that they’re either a group of highly motivated lawyers or, given their logo, a group of very high teenagers. Read More

GDPR Countdown – Six Weeks to Go

It’s easy to think about data as a depersonalized set of information that we can use for whatever purpose we want. But complying with GDPR will require a change of mind and a change of approach to data, and especially data subjects. Businesses that cannot navigate between unrestrained use of information and the lofty — and potentially unachievable — goals of the GDPR will struggle after May 25. How will you chart your course? Read More

Recognizing the Risks of a Malicious Insider

Data security is a complicated thing, and it’s made much more complicated by the human element. The vast majority of breaches are a result of error, negligence, or intentional misconduct. And that misconduct isn’t always a hacker (invariably, he’s wearing a hoodie) – many times, it’s a malicious insider in your own company who steals or facilitates the theft of your crucial data. Understanding the risks of malicious insiders is a vital part of avoiding a breach, and being #datasmart. Read More

GDPR Countdown – 8 Weeks to Go

There were quite a few data breaches in the news this week, and the media makes it seem there’s a breach a day. That’s fake news, folks: there are way more than one a day.

It’s no secret that the GDPR imposes strict new requirements for preventing, detecting, resolving, and reporting data breaches, and similarly strict penalties when companies fall short. Sometimes it may appear like you’re facing risks from hackers and regulators alike. But it doesn’t have to be so. Taking a datasmart approach to security and compliance can help keep you out of the crosshairs and out of the courtroom. Read More

E10 🎧Podcast: Don’t Come At Under Armour, Bro – The New Privacy Breach Normal

Under Armour, Saks, and Panera, all announce privacy hacks and major data breaches within the last few days. We are learning more each day how each company responded, the good and the bad.

In this episode of “Are You DataSmart?”, the Ward brothers dissect health data, like the kind popular in fitness apps as well as the “don’t throw stones in glass houses” aspect of data breaches. About 60% of larger corporations have been hacked according to a Duke University and CFO Magazine analysis in 2015. Read More

E9: IAPP Global Privacy Summit Recap, Big Questions, and Indiana Jones Analogies

“We have top men working on it right now.” – Government Bureaucrat.
“Who?” – Indiana Jones
“… Top… Men…” – Government Bureaucrat
If you know this iconic scene from Indiana Jones and the Raiders of the Lost Ark, then you know it comes following the epic search and recovery of the Lost Ark by Indiana Jones.  And that exact feeling of confusion seemed to permeate some of the raw details of how the GDPR and other regulations will actually be governed and executed by regulatory authorities. Read More

GDPR Countdown – 9 Weeks to Go

So I’m buying some Under Armour shorts at Saks when I suddenly get a craving for Panera.

What a difference a week makes. With new breaches and investigations beginning seemingly every day (Under Armour, Saks, Panera, all in the last five days), it raises a critical, and practical, issue: how are regulators going to approach data security enforcement after May 25?

We’re entering the home stretch of the GDPR countdown now, with just about two months to go. At this point, you may or may not have realized that you need good advice about what to do and how to do it. Ideally, you’ve started the process of implementing a thoughtful data security plan (or have at least thought about thinking about it). Read More

Top Takeaways from the IAPP Global Privacy Summit 2018

Top 5 Takeaways from this year’s IAPP Data Privacy Summit (#GPS18). We’ve heard from regulators, industry leaders, and specialists in every topic from facial recognition to ethical use of data. It’s an incredible event, and one that every privacy professional should consider attending – the swag ain’t bad either. Read More

🎧 E8 Podcast: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness

Do you have cookies on your website?

Of course, you do! [In fact, almost every website in existence utilizes cookies now]

With GDPR on the way, the time to come into compliance is now, and the Ward brothers are interviewing a great SaaS solution Founder and CEO, Daniel Johannsen.

Mr. Johannsen explains how Cookiebot can analyze any site and identify the necessary changes to be compliant while ensuring a great user experience. Read More

E7: The DataSmart Method of Valuing Data Assets

Is your data valuable? Might be. Is all data valuable? Nope. How do you construct a data strategy that identifies what is valuable quickly so you can keep the good and dump the rest? 

In the second step of the DataSmart Method, the Ward brothers walk through a valuation approach to data assets designed to be done quickly. This ensures you focus on the data assets and partnerships strategies early on in your evaluation. Read More

Are you DataSmart? An Introduction to the DataSmart Method

“Are you DataSmart?” is the question we keep asking our clients and friends. Frankly, “are you datasmart” is the question that drives our entire practice, because we think it represents the intersection of data security, law, and technology. We want every one of our clients to be datasmart, because if you aren’t examining all of those issues and how they interact, you’re going to fall behind. 

So what exactly does it mean to be datasmart? Read More

E6: The Long Arm of the Law. Data Regulators

FTC, FCC, SEC, NYDFS, AGs… you name it, the acronym exists! There are countless regulators that are weighing in on Data Privacy. As #GDPR approaches and stories about data misuse or breach mount up, you need to know the regulatory players.

In this episode of “Are You DataSmart?” the Ward brothers discuss how each government, department, and even State regulator will likely be involved in data privacy and data security. Read More

Loose or Tight Fit? Data Partnership Strategies in Voice Solutions

If you don’t read The Information, you probably should start. 

Their recent report on Apple’s Siri and the struggle to help Siri’s experience improve is a fascinating dive into the pros and cons of an open ecosystem approach. For many companies like Apple, Amazon, Samsung, and Google, the desire to improve user experiences has to be measured against the impending chaos that can consume a project when “too open”. Read More

GDPR Countdown – 11 Weeks to Go

A client recently asked me what I think are the biggest risks for companies regarding the GDPR. I had to think, because the question requires a straight answer, and lawyer answers are rarely direct. The first answer is probably “it’s pretty risky not to know that the GDPR exists.” Brussels is not going to accept the “oh wait what is this?” defense. But even for a company that understands GDPR basics (data security by design, robust consent, transparency), the biggest concern I have is about data transfers – transfers from one company to another, and transfers from one country to another. Read More

E4: The Case for Data Security & IAPP Certification

In episode 4 of the “Are You DataSmart?” podcast, the Ward brothers discuss the balance between technology, policy, and execution of data security. The first two should assist with the third, execution, but that doesn’t always work out…

GDPR, ePrivacy Regulation, and the general topics of data protection require that you and your company take a proactive approach to data security and working with certified IAPP members may be a great way to get started. Read More

E5: An Introduction to Data Partnership Strategy

In the upcoming book, Data Partnership Strategy, the Ward brothers tackle the best way to create a comprehensive data strategy that positions companies for success with their data assets.

In episode 5 of “Are You DataSmart?” the Wards break down the initial starting points for every business when building their data partnership strategy. The ability to identify available data to any business across internal and external data sources is the first critical step in the DataSmart Method. Read More

Blockchain, Bitcoin and Some Serious Struggles Ahead with GDPR

It’s 2018, so we can’t go ten minutes without hearing the words “blockchain,” “Bitcoin,” or “Tide pods.” I only want to talk about the first two because, honestly, enough with the Tide pods, people. (Please end this meme, Internet).

If you’ve asked what Bitcoin is, someone has likely explained it to you by saying something along the lines of: “Bitcoin is a cryptocurrency based on blockchain transactions recorded in a distributed ledger and is, therefore, virtually unhackable.” That explanation brings on two follow up questions: Read More

E3: Are You DataSmart? Cookies, ePrivacy Regulation, and What’s Next

Cookies are amazing. Whether chocolate chip or the 1×1 pixel type dropped on your browser session. But GDPR and more specifically, the ePrivacy Regulation, have a lot to say about how cookies will be managed and used going forward.

And what about the business benefits? The ROI on re-targeting (that creepy advertisement following you all over the internet) has been shown to be really compelling. So how do businesses not run afoul of cookie usage! Read More

E2: Are You DataSmart? tackles the DPO, FTC, and several other TLAs

In our second part of an introduction to the legality surrounding data privacy, the “Are You DataSmart” podcast discusses the need for DPOs (or not) and how the FTC is likely to respond to some of the significant changes brought on globally by the GDPR.

Data Minimization is a concept alien to many organizations. The business theory around “keep all data!” has been very popular in the last few years and the Ward brothers introduce the natural tension between keeping data and staying compliant. Read More