The news just has not been kind to Facebook the last three months. First the Cambridge Analytica scandal breaks, then the company runs those wrong-footed commercials (“Sorry for selling access to your data and, you know, for stuff like Brexit”), and now comes the revelation that the apologies needed to go much deeper. Despite an… Read More
And so, at long last, the GDPR is the law, and we leave behind the relatively lower standards under the Data Protection Directive. The Directive, which has been on the books for more than two decades, now passes into obsolescence, like beepers or, in Miami, traffic laws. Now, we’ll all start to learn what the… Read More
There are 72 hours to go until GDPR Day (#privmas), and you can almost feel CISOs hoping that, if there’s going to be a breach, it happens today and not on Monday. We noted once before that Andrea Jelinek, chair of the (very important) Article 29 Working Party, deadpanned that “there will be a two… Read More
Two years ago, when the European Commission approved the GDPR and set an effective date for May 25, 2018, I thought “that is such a long time to wait.” It was a choice out of keeping with American legislative methods, where Congress passes a law and maybe gives an effective date of the following January 1, but… Read More
It has been amazing to watch the GDPR grip public attention in a way that no data security or privacy law ever has. I mean, when GQ is writing articles about it, you know something big is going on. The coverage has ranged from the thoughtful to the paranoid, and most of it really misses… Read More
As we roll into the final two weeks of our countdown, we’re going to take something of a step back and look at issues more broadly. Yesterday, we discussed Google’s AI, and how we’re all going to be living in the Duplex, as it were. I am (clearly) pretty hung up on this, and have… Read More
Machine learning and artificial intelligence are the “it” buzzwords of mid-2018, and even after our short attention spans turn to something else, the concepts behind the words will continue to evolve. Everyone talks about Skynet and the inevitable rise of our robot overlords, and most of the time they’re joking (other than when they show our friends the Boston… Read More
One of the things that clients talk to me about the most is how to make sure that the data security plans that they have in place make sense. If you think about it, much of the advice that you see on the Internet or from talking heads on television is related to companies that… Read More
My kids have a tendency to throw rules of evidence around at one another when they’re arguing because, you know: lawyer kids. One of my favorite lines is “you have no evidence at all that I did that!” which is usually called out despite blatant, overwhelming proof to the contrary, like the culprit being covered in… Read More
I could do a blog exclusively on data breaches because they happen so frequently that I’d never run out of material. Eight hours ago, the Supreme Court of India’s website was hacked, apparently by “HighTech Brazil Hackteam.” I imagine that they’re either a group of highly motivated lawyers or, given their logo, a group of very high teenagers. Read More
Data security is a complicated thing, and it’s made much more complicated by the human element. The vast majority of breaches are a result of error, negligence, or intentional misconduct. And that misconduct isn’t always a hacker (invariably, he’s wearing a hoodie) – many times, it’s a malicious insider in your own company who steals or facilitates the theft of your crucial data. Understanding the risks of malicious insiders is a vital part of avoiding a breach, and being #datasmart. Read More
So I’m buying some Under Armour shorts at Saks when I suddenly get a craving for Panera.
What a difference a week makes. With new breaches and investigations beginning seemingly every day (Under Armour, Saks, Panera, all in the last five days), it raises a critical, and practical, issue: how are regulators going to approach data security enforcement after May 25?
We’re entering the home stretch of the GDPR countdown now, with just about two months to go. At this point, you may or may not have realized that you need good advice about what to do and how to do it. Ideally, you’ve started the process of implementing a thoughtful data security plan (or have at least thought about thinking about it). Read More
Top 5 Takeaways from this year’s IAPP Data Privacy Summit (#GPS18). We’ve heard from regulators, industry leaders, and specialists in every topic from facial recognition to ethical use of data. It’s an incredible event, and one that every privacy professional should consider attending – the swag ain’t bad either. Read More
Do you have cookies on your website?
Of course, you do! [In fact, almost every website in existence utilizes cookies now]
With GDPR on the way, the time to come into compliance is now, and the Ward brothers are interviewing the Founder and CEO of a great SaaS solution, Daniel Johannsen.
Mr. Johannsen explains how Cookiebot can analyze any site and identify the necessary changes to be compliant while ensuring a great user experience. Read More
I was traveling last week, and as I answered some emails mid-flight over North Carolina, I remembered how complicated (and outrageously expensive) it used to be to make a phone call from an aircraft. You remember: Airfone. Now, we take for granted the ability to get connected at 30,000 feet and get annoyed when we can’t stream Netflix for ten minutes without a buffering lag. Read More
After last night’s State of the Union, it seems like a good time for taking stock and planning for the coming year. Although it’s unlikely that you’ll be interrupted dozens of times with applause (or boos), taking the time to carefully lay out your data strategy and data security plans for the year is good practice and, in some ways, it might even be mandatory. Read More
2017 was an eventful year for the FTC’s efforts to hold its place as the most important regulator of privacy and data security in the United States. Although no regulator has broader reach or more influence, other agencies and states have begun to stake out their own claim to regulatory authority, and many of them did so last year. The FCC, the CFPB, the SEC, even the New York State Department of Financial Services have all issued new regulations, and each will likely attempt to increase their influence and authority in 2018. Read More
One question I hear from clients all the time is “who has to be the decision maker about data security?” Companies that have a C-Suite will rely on a Chief Information Officer (CIO), a Chief Technology Officer (CTO), or even a Chief Information Security Officer (CISO). These are great options, and worth discussing on their own. Other companies place the responsibility in the head of IT or with whoever oversees compliance issues. There is no one-size solution to overseeing data security, but it’s important to ask the question. Read More
Every year, we’re told, is going to be the “Year of Data Security,” the year when everyone starts to recognize the importance of protecting data and securing information. That prediction is about as helpful as saying that this will be the year when everyone obsesses over a different meme each month – it’s both obviously correct and so overly broad as to mean very little. We hear it, maybe agree with it, and then go back to whatever we were doing. Same old, same old. Read More