Own Goals and Cups of Coffee

We’ve spent a good deal of time here talking about the risks of data breaches and how to create structures that help prevent them. We’ve even talked about common kinds of breaches and what they mean for your business. But, of course, no matter how much we talk about this stuff, there’s a never-ending supply of… Read More

Two (Really Bad) Approaches to Privacy

We’ve reached that time of year when everyone is basically in summer mode – non-work plans being made, last day of school or first day of camp lunches being packed, the inevitable first sunburn (for me, not the kids). It’s the time of year when there’s also a downshift in activity, and (even in the… Read More

Privacy is Everybody’s Business (Or Needs to Be)

It’s been a whirlwind few weeks since GDPR came into effect, and it seems that many people are learning about privacy rights for the first time. Plenty of them are making data subject access or deletion requests, including against the biggest players in the market. Even though there were years’ worth of stories about data… Read More

The Three Pillars of GDPR – Consistency (No. 3)

And so, at long last, the GDPR is the law, and we leave behind the relatively lower standards under the Data Protection Directive.  The Directive, which has been on the books for more than two decades, now passes into obsolescence, like beepers or, in Miami, traffic laws.  Now, we’ll all start to learn what the… Read More

The Three Pillars of GDPR – Security (No. 2)

There are 72 hours to go until GDPR Day (#privmas), and you can almost feel CISOs hoping that, if there’s going to be a breach, it happens today and not on Monday.  We noted once before that Andrea Jelinek, chair of the (very important) Article 29 Working Party deadpanned that “there will be a two… Read More

The Three Pillars of GDPR – Transparency (No. 1)

Two years ago, when the European Commission approved the GDPR and set an effective date for May 25, 2018, I thought “that is such a long time to wait.”  It was a choice out of keeping with American legislative methods, where Congress passes a law and maybe gives an effective date of the following January 1, but… Read More

GDPR Countdown – Two Weeks to Go

As we roll into the final two weeks of our countdown, we’re going to take something of a step back and look at issues more broadly. Yesterday, we discussed Google’s AI, and how we’re all going to be living in the Duplex, as it were. I am (clearly) pretty hung up on this, and have… Read More

GDPR Countdown – Three Weeks to Go

It’s May, which means we’re now in that frantic time period leading up to the GDPR where the biggest concerns loom largest. For some, that’s the documentary obligations under the Regulation, for others it is whether to hire a DPO, but it seems that everyone I talk to is worried about Article 20’s requirement for… Read More

GDPR Countdown – Four Weeks to Go

Living in Miami means we deal with hurricanes. For most Floridians, the response to a Category 1 or 2 storm is to buy enough food for a hurricane party and binge Netflix until the power goes out. A Category 3 means block the windows, and at a Category 4, we’re gone. The problem is that… Read More