Lessons from Facebook and Fortnite

The news just has not been kind to Facebook the last three months. First the Cambridge Analytica scandal breaks, then the company runs those wrong-footed commercials (“Sorry for selling access to your data and, you know, for stuff like Brexit”), and now comes the revelation that the apologies needed to go much deeper. Despite an… Read More

The Three Pillars of GDPR – Consistency (No. 3)

And so, at long last, the GDPR is the law, and we leave behind the relatively lower standards under the Data Protection Directive.  The Directive, which has been on the books for more than two decades, now passes into obsolescence, like beepers or, in Miami, traffic laws.  Now, we’ll all start to learn what the… Read More

The Three Pillars of GDPR – Security (No. 2)

There are 72 hours to go until GDPR Day (#privmas), and you can almost feel CISOs hoping that, if there’s going to be a breach, it happens today and not on Monday.  We noted once before that Andrea Jelinek, chair of the (very important) Article 29 Working Party, deadpanned that “there will be a two… Read More

The Three Pillars of GDPR – Transparency (No. 1)

Two years ago, when the European Commission approved the GDPR and set an effective date for May 25, 2018, I thought “that is such a long time to wait.”  It was a choice out of keeping with American legislative methods, where Congress passes a law and maybe gives an effective date of the following January 1, but… Read More

GDPR Countdown – Two Weeks to Go

As we roll into the final two weeks of our countdown, we’re going to take something of a step back and look at issues more broadly. Yesterday, we discussed Google’s AI, and how we’re all going to be living in the Duplex, as it were. I am (clearly) pretty hung up on this, and have… Read More

“OK Google – Is this Legal?”

Machine learning and artificial intelligence are the “it” buzzwords of mid-2018, and even after our short attention spans turn to something else, the concepts behind the words will continue to evolve. Everyone talks about Skynet and the inevitable rise of our robot overlords, and most of the time they’re joking (other than when they show our friends the Boston… Read More

GDPR Countdown – Five Weeks to Go

My kids have a tendency to throw rules of evidence around at one another when they’re arguing because, you know: lawyer kids. One of my favorite lines is “you have no evidence at all that I did that!” which is usually called out despite blatant, overwhelming proof to the contrary, like the culprit being covered in… Read More

The Scariest Data Breach So Far This Year

I could do a blog exclusively on data breaches because they happen so frequently that I’d never run out of material. Eight hours ago, the Supreme Court of India’s website was hacked, apparently by “HighTech Brazil Hackteam.” I imagine that they’re either a group of highly motivated lawyers or, given their logo, a group of very high teenagers. Read More

Recognizing the Risks of a Malicious Insider

Data security is a complicated thing, and it’s made much more complicated by the human element. The vast majority of breaches are a result of error, negligence, or intentional misconduct. And that misconduct isn’t always a hacker (invariably, he’s wearing a hoodie) – many times, it’s a malicious insider in your own company who steals or facilitates the theft of your crucial data. Understanding the risks of malicious insiders is a vital part of avoiding a breach, and being #datasmart. Read More

GDPR Countdown – 9 Weeks to Go

So I’m buying some Under Armour shorts at Saks when I suddenly get a craving for Panera.

What a difference a week makes. With new breaches and investigations beginning seemingly every day (Under Armour, Saks, Panera, all in the last five days), it raises a critical, and practical, issue: how are regulators going to approach data security enforcement after May 25?

We’re entering the home stretch of the GDPR countdown now, with just about two months to go. At this point, you may or may not have realized that you need good advice about what to do and how to do it. Ideally, you’ve started the process of implementing a thoughtful data security plan (or have at least thought about thinking about it). Read More

Top Takeaways from the IAPP Global Privacy Summit 2018

Top 5 Takeaways from this year’s IAPP Data Privacy Summit (#GPS18). We’ve heard from regulators, industry leaders, and specialists in every topic from facial recognition to ethical use of data. It’s an incredible event, and one that every privacy professional should consider attending – the swag ain’t bad either. Read More

🎧 E8 Podcast: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness

Do you have cookies on your website?

Of course, you do! [In fact, almost every website in existence utilizes cookies now]

With GDPR on the way, the time to come into compliance is now, and the Ward brothers are interviewing the Founder and CEO of a great SaaS solution, Daniel Johannsen.

Mr. Johannsen explains how Cookiebot can analyze any site and identify the necessary changes to be compliant while ensuring a great user experience. Read More

Data Security in the Air

I was traveling last week, and as I answered some emails mid-flight over North Carolina, I remembered how complicated (and outrageously expensive) it used to be to make a phone call from an aircraft. You remember: Airfone. Now, we take for granted the ability to get connected at 30,000 feet and get annoyed when we can’t stream Netflix for ten minutes without a buffering lag. Read More

The FTC Annual Report: Consumer Expectations and Company Followthrough

2017 was an eventful year for the FTC’s efforts to hold its place as the most important regulator of privacy and data security in the United States.  Although no regulator has broader reach or more influence, other agencies and states have begun to stake out their own claim to regulatory authority, and many of them did so last year.  The FCC, the CFPB, the SEC, even the New York State Department of Financial Services have all issued new regulations, and each will likely attempt to increase their influence and authority in 2018. Read More

Who’s the Boss?

One question I hear from clients all the time is “who has to be the decision maker about data security?” Companies that have a C-Suite will rely on a Chief Information Officer (CIO), a Chief Technology Officer (CTO), or even a Chief Information Security Officer (CISO).  These are great options, and worth discussing on their own.  Other companies place the responsibility in the head of IT or with whoever oversees compliance issues.  There is no one-size solution to overseeing data security, but it’s important to ask the question. Read More

The Year of DataSec

Every year, we’re told, is going to be the “Year of Data Security,” the year when everyone starts to recognize the importance of protecting data and securing information. That prediction is about as helpful as saying that this will be the year when everyone obsesses over a different meme each month – it’s both obviously correct and so overly broad as to mean very little. We hear it, maybe agree with it, and then go back to whatever we were doing. Same old, same old. Read More