Transparency is one of the principles driving recent developments in data privacy and data security. We’ve spent a lot of time discussing how important it is to be open with consumers and data subjects, to give them a clear idea of how their data is used, and why. The primary reason for this is to… Read More
It’s Data Protection Day, the happiest day of the year! A year ago, we were talking about the changes that GDPR would bring, and how to gear up operations to ensure that you didn’t violate the law or mislead your customers. The premise was simple: transparency is a fundamental precept under GDPR (and US law),… Read More
Now that it’s January and everyone is finally returning to the reality where things don’t always taste like peppermint or eggnog (or both, which is just….no), it’s a good time to think about how you’re going to approach 2019. This time of year is rife with predictions and, more often, guesses about what privacy, tech,… Read More
Last week, I attended the 40th ICDPPC in Brussels, which is the global meeting of all privacy and data security regulators. The theme of the conference was “Debating Ethics,” and it was a deep dive into the interplay between digital commerce, regulation, and human dignity. There were representatives from around the globe, of course, but… Read More
Well, it has been a little more than 90 days since the GDPR “went live”. In this episode of “Are You DataSmart?” the Ward brothers break down the initial global response to GDPR, the rise and fall of DSARs, and two other issues that will be critical to watch as GDPR continues to re-shape the… Read More
It’s been just about three months since the GDPR went into effect, so it makes sense for many people right now to be wondering just how the whole process is going. After all, it was all anyone in the media wanted to talk about for months leading up to May 25. Now? There doesn’t seem… Read More
We’ve spent a good deal of time here talking about the risks of data breaches and how to create structures that help prevent them. We’ve even talked about common kinds of breaches and what they mean for your business. But, of course, no matter how much we talk about this stuff, there’s a never-ending supply of… Read More
We’ve reached that time of year when everyone is basically in summer mode – non-work plans being made, last day of school or first day of camp lunches being packed, the inevitable first sunburn (for me, not the kids). It’s the time of year when there’s also a downshift in activity, and (even in the… Read More
It’s been a whirlwind few weeks since GDPR came into effect, and it seems that many people are learning about privacy rights for the first time. Plenty of them are making data subject access or deletion requests, including against the biggest players in the market. Even though there were years’ worth of stories about data… Read More
And so, at long last, the GDPR is the law, and we leave behind the relatively lower standards under the Data Protection Directive. The Directive, which has been on the books for more than two decades, now passes into obsolescence, like beepers or, in Miami, traffic laws. Now, we’ll all start to learn what the… Read More
There are 72 hours to go until GDPR Day (#privmas), and you can almost feel CISOs hoping that, if there’s going to be a breach, it happens today and not on Monday. We noted once before that Andrea Jelinek, chair of the (very important) Article 29 Working Party, deadpanned that “there will be a two… Read More
Two years ago, when the European Commission approved the GDPR and set an effective date for May 25, 2018, I thought “that is such a long time to wait.” It was a choice out of keeping with American legislative methods, where Congress passes a law and maybe gives an effective date of the following January 1, but… Read More
It has been amazing to watch the GDPR grip public attention in a way that no data security or privacy law ever has. I mean, when GQ is writing articles about it, you know something big is going on. The coverage has ranged from the thoughtful to the paranoid, and most of it really misses… Read More
As we roll into the final two weeks of our countdown, we’re going to take something of a step back and look at issues more broadly. Yesterday, we discussed Google’s AI, and how we’re all going to be living in the Duplex, as it were. I am (clearly) pretty hung up on this, and have… Read More
It’s May, which means we’re now in that frantic time period leading up to the GDPR where the biggest concerns loom largest. For some, that’s the documentary obligations under the Regulation, for others it is whether to hire a DPO, but it seems that everyone I talk to is worried about Article 20’s requirement for… Read More
Living in Miami means we deal with hurricanes. For most Floridians, the response to a Category 1 or 2 storm is to buy enough food for a hurricane party and binge Netflix until the power goes out. A Category 3 means block the windows, and at a Category 4, we’re gone. The problem is that… Read More
My kids have a tendency to throw rules of evidence around at one another when they’re arguing because, you know: lawyer kids. One of my favorite lines is “you have no evidence at all that I did that!” which is usually called out despite blatant, overwhelming proof to the contrary, like the culprit being covered in… Read More
It’s easy to think about data as a depersonalized set of information that we can use for whatever purpose we want. But complying with GDPR will require a change of mind and a change of approach to data, and especially data subjects. Businesses that cannot navigate between unrestrained use of information and the lofty — and potentially unachievable — goals of the GDPR will struggle after May 25. How will you chart your course? Read More
There were quite a few data breaches in the news this week, and the media makes it seem there’s a breach a day. That’s fake news, folks: there are way more than one a day.
It’s no secret that the GDPR imposes strict new requirements for preventing, detecting, resolving, and reporting data breaches, and similarly strict penalties when companies fall short. Sometimes it may appear like you’re facing risks from hackers and regulators alike. But it doesn’t have to be so. Taking a datasmart approach to security and compliance can help keep you out of the crosshairs and out of the courtroom. Read More
So I’m buying some Under Armour shorts at Saks when I suddenly get a craving for Panera.
What a difference a week makes. With new breaches and investigations beginning seemingly every day (Under Armour, Saks, Panera, all in the last five days), it raises a critical, and practical, issue: how are regulators going to approach data security enforcement after May 25?
We’re entering the home stretch of the GDPR countdown now, with just about two months to go. At this point, you may or may not have realized that you need good advice about what to do and how to do it. Ideally, you’ve started the process of implementing a thoughtful data security plan (or have at least thought about thinking about it). Read More