E20: Artificial Intelligence vs Data Minimization & GDPR (Podcast)

The opportunities for Artificial Intelligence to transform humanity are enormous. We are seriously excited. However, there are issues with amassing the amount of data necessary for these machine learning based solutions. To become “intelligent” (whether artificially or not) requires immense data and knowledge, and the ability to recall that knowledge. Data Minimization, as a concept,… Read More

Data Security for Dummi…I Mean, for Lawyers

Today we’ll talk about something near and dear to my heart: data security for lawyers. I recognize that this is not a topic that many lawyers want to discuss, or one that they feel comfortable discussing.  But the reality is that data security is an important part of being a lawyer, even if it’s not… Read More

There Definitely Won’t be a Federal Data Privacy Law. (Maybe. We’ll See.)

“There’s no way the federal government is going to create a federal privacy law.”  “It’s just not going to happen.”  “Not a chance, no way, forget it.”  “There isn’t a political will in Washington to get it done, and so we can all just assume that it’ll all be only the states issuing regulations for… Read More

GDPR Three Month Checkup (And Three Issues to Watch)

It’s been just about three months since the GPDR went into effect, it’s what makes sense for many people right now to be wondering just how the whole process is going. After all, it was all anyone in the media wanted to talk about for months leading up to May 25. Now? There doesn’t seem… Read More

Own Goals and Cups of Coffee

We’ve spent a good deal of time here talking about the risks of data breaches and how to create structures that help prevent them. We’ve even talked about common kinds of breaches and what they mean for your business. But, of course, no matter how much we talk about this stuff, there’s a never-ending supply of… Read More

E18: ICANN Loses First GDPR Court Ruling in Germany

In this episode of the “Are You DataSmart?” podcast, the Ward brothers discuss the first court ruling on GDPR that went against ICANN, the non-profit domains platform that powers the internet. What is so fascinating about this first decision is that it specifically puts “data minimization” on display. It isn’t a theory anymore! PODCAST TRANSCRIPT… Read More

E17: Carpenter Decision Builds Up Privacy from #SCOTUS

In this episode of “Are You DataSmart?” we examine the Supreme Court’s most important ruling on privacy in Carpenter v. United States. It is a major development in privacy law, laying the foundation for an interpretation of the Fourth Amendment that protects against generalized government surveillance by electronic means. Together with United States v. Jones, it brings… Read More

The Carpenter Decision

The Supreme Court has issued this year’s most important ruling on privacy in Carpenter v. United States. It is a major development in privacy law, laying the foundation for an interpretation of the Fourth Amendment that protects against generalized government surveillance by electronic means. Together with United States v. Jones, it brings Fourth Amendment jurisprudence into the… Read More

E16: GDPR Induces Amnesia – (🎧Podcast)

Episode 16 of the “Are You DataSmart” Podcast covers the major operational issues caused Article 17 of the GDPR, Right to erasure (‘right to be forgotten’). Deleting records causes amnesia-like symptoms for businesses and will afflict every business that receives a withdrawal of consent or a notice to erase data about an individual or data subject. Specifically: The… Read More

Two (Really Bad) Approaches to Privacy

We’ve reached that time of year when everyone is basically in summer mode – non-work plans being made, last day of school or first day of camp lunches being packed, the inevitable first sunburn (for me, not the kids). It’s the time of year when there’s also a downshift in activity, and (even in the… Read More

Privacy is Everybody’s Business (Or Needs to Be)

It’s been a whirlwind few weeks since GDPR came into effect, and it seems that many people are learning about privacy rights for the first time. Plenty of them are making data subject access or deletion requests, including against the biggest players in the market. Even though there were years’ worth of stories about data… Read More

Why the LabMD Case is So Important

Yesterday, the Eleventh Circuit Court of Appeals issued a long-awaited ruling in a case called LabMD v. FTC.  Followers of the case will tell you that it has been, to put it mildly, an interesting saga, and it hits on the biggest data related issues of the past fifteen years.  The ruling has serious implications for… Read More

Lessons from Facebook and Fortnite

The news just has not been kind to Facebook the last three months. First the Cambridge Analytica scandal breaks, then the company runs those wrong-footed commercials (“Sorry for selling access to your data and, you know, for stuff like Brexit“), and now comes the revelation that the apologies needed to go much deeper. Despite an… Read More

An American (Well, Californian) GDPR

You’ve taken all the steps – shut down EU operations, turned off German language translation, and ceased taking Euros.  You canned the entire PR department in Dublin and moved your cloud storage from Charleroi to Sheboygan. You’ve even put up a giant American flag on the website. And just when you thought it was safe… Read More

The Three Pillars of GDPR – Consistency (No. 3)

And so, at long last, the GDPR is the law, and we leave behind the relatively lower standards under the Data Protection Directive.  The Directive, which has been on the books for more than two decades, now passes into obsolescence, like beepers or, in Miami, traffic laws.  Now, we’ll all start to learn what the… Read More

The Three Pillars of GDPR – Security (No. 2)

There are 72 hours to go until GDPR Day (#privmas), and you can almost feel CISOs hoping that, if there’s going to be a breach, it happens today and not on Monday.  We noted once before that Andrea Jelinek, chair of the (very important) Article 29 Working Party deadpanned that “there will be a two… Read More

E14: The Three Pillars of GDPR (🎧PODCAST)

The three pillars of GDPR are transparency, security, and consistency. Regulators have stated they see transparency as the central point, but the other two are equally important. When a natural person asks your company for a Data Subject Access Requests (DSAR), how will you react? The Ward brothers explain what companies need to expect within… Read More