Lost in Translation, or “Mayday”

Given my practice, it probably isn’t surprising that I hear data and technology related buzzwords all the time, and often they’re just strung together in an incoherent jumble. “Blockchain crypto machine learning AI alakazam.” Usually this jumble is followed by a statement like “it’s changing the world, man,” at which point I always know that… Read More

GDPR Countdown – Four Weeks to Go

Living in Miami means we deal with hurricanes. For most Floridians, the response to a Category 1 or 2 storm is to buy enough food for a hurricane party and binge Netflix until the power goes out. A Category 3 means block the windows, and at a Category 4, we’re gone. The problem is that… Read More

E10 🎧Podcast: Don’t Come At Under Armour, Bro – The New Privacy Breach Normal

Under Armour, Saks, and Panera, all announce privacy hacks and major data breaches within the last few days. We are learning more each day how each company responded, the good and the bad.

In this episode of “Are You DataSmart?”, the Ward brothers dissect health data, like the kind popular in fitness apps as well as the “don’t throw stones in glass houses” aspect of data breaches. About 60% of larger corporations have been hacked according to a Duke University and CFO Magazine analysis in 2015. Read More

E9: IAPP Global Privacy Summit Recap, Big Questions, and Indiana Jones Analogies

“We have top men working on it right now.” – Government Bureaucrat.
“Who?” – Indiana Jones
“… Top… Men…” – Government Bureaucrat
If you know this iconic scene from Indiana Jones and the Raiders of the Lost Ark, then you know it comes following the epic search and recovery of the Lost Ark by Indiana Jones.  And that exact feeling of confusion seemed to permeate some of the raw details of how the GDPR and other regulations will actually be governed and executed by regulatory authorities. Read More

E7: The DataSmart Method of Valuing Data Assets

Is your data valuable? Might be. Is all data valuable? Nope. How do you construct a data strategy that identifies what is valuable quickly so you can keep the good and dump the rest? 

In the second step of the DataSmart Method, the Ward brothers walk through a valuation approach to data assets designed to be done quickly. This ensures you focus on the data assets and partnerships strategies early on in your evaluation. Read More

Are you DataSmart? An Introduction to the DataSmart Method

“Are you DataSmart?” is the question we keep asking our clients and friends. Frankly, “are you datasmart” is the question that drives our entire practice, because we think it represents the intersection of data security, law, and technology. We want every one of our clients to be datasmart, because if you aren’t examining all of those issues and how they interact, you’re going to fall behind. 

So what exactly does it mean to be datasmart? Read More

E6: The Long Arm of the Law. Data Regulators

FTC, FCC, SEC, NYDFS, AGs… you name it, the acronym exists! There are countless regulators that are weighing in on Data Privacy. As #GDPR approaches and stories about data misuse or breach mount up, you need to know the regulatory players.

In this episode of “Are You DataSmart?” the Ward brothers discuss how each government, department, and even State regulator will likely be involved in data privacy and data security. Read More

Loose or Tight Fit? Data Partnership Strategies in Voice Solutions

If you don’t read The Information, you probably should start. 

Their recent report on Apple’s Siri and the struggle to help Siri’s experience improve is a fascinating dive into the pros and cons of an open ecosystem approach. For many companies like Apple, Amazon, Samsung, and Google, the desire to improve user experiences has to be measured against the impending chaos that can consume a project when “too open”. Read More

GDPR Countdown – 11 Weeks to Go

A client recently asked me what I think are the biggest risks for companies regarding the GDPR. I had to think, because the question requires a straight answer, and lawyer answers are rarely direct. The first answer is probably “it’s pretty risky not to know that the GDPR exists.” Brussels is not going to accept the “oh wait what is this?” defense. But even for a company that understands GDPR basics (data security by design, robust consent, transparency), the biggest concern I have is about data transfers – transfers from one company to another, and transfers from one country to another. Read More

E4: The Case for Data Security & IAPP Certification

In episode 4 of the “Are You DataSmart?” podcast, the Ward brothers discuss the balance between technology, policy, and execution of data security. The first two should assist with the third, execution, but that doesn’t always work out…

GDPR, ePrivacy Regulation, and the general topics of data protection require that you and your company take a proactive approach to data security and working with certified IAPP members may be a great way to get started. Read More

E5: An Introduction to Data Partnership Strategy

In the upcoming book, Data Partnership Strategy, the Ward brothers tackle the best way to create a comprehensive data strategy that positions companies for success with their data assets.

In episode 5 of “Are You DataSmart?” the Wards break down the initial starting points for every business when building their data partnership strategy. The ability to identify available data to any business across internal and external data sources is the first critical step in the DataSmart Method. Read More

Blockchain, Bitcoin and Some Serious Struggles Ahead with GDPR

It’s 2018, so we can’t go ten minutes without hearing the words “blockchain,” “Bitcoin,” or “Tide pods.” I only want to talk about the first two because, honestly, enough with the Tide pods, people. (Please end this meme, Internet).

If you’ve asked what Bitcoin is, someone has likely explained it to you by saying something along the lines of: “Bitcoin is a cryptocurrency based on blockchain transactions recorded in a distributed ledger and is, therefore, virtually unhackable.” That explanation brings on two follow up questions: Read More

E3: Are You DataSmart? Cookies, ePrivacy Regulation, and What’s Next

Cookies are amazing. Whether chocolate chip or the 1×1 pixel type dropped on your browser session. But GDPR and more specifically, the ePrivacy Regulation, have a lot to say about how cookies will be managed and used going forward.

And what about the business benefits? The ROI on re-targeting (that creepy advertisement following you all over the internet) has been shown to be really compelling. So how do businesses not run afoul of cookie usage! Read More

E2: Are You DataSmart? tackles the DPO, FTC, and several other TLAs

In our second part of an introduction to the legality surrounding data privacy, the “Are You DataSmart” podcast discusses the need for DPOs (or not) and how the FTC is likely to respond to some of the significant changes brought on globally by the GDPR.

Data Minimization is a concept alien to many organizations. The business theory around “keep all data!” has been very popular in the last few years and the Ward brothers introduce the natural tension between keeping data and staying compliant. Read More

GDPR Countdown – 13 Weeks to Go

It’s March, which means we’re only two and a half months away from the GDPR. It also means we’re two weeks away from workplace productivity in the US dropping by about 70% as everyone streams college basketball all day. Frankly, it’s one of this country’s great, and most civilized traditions: pretending to be reviewing last quarter’s financial reports, but really watching intently in the hopes that FGCU is going to pull off the upset. We love the David-and-Goliath/Cinderella/Other Metaphor stories in the Tournament because it’s great to see a team with substantially fewer resources and superstars manage, through great play, to best one of the big guys. Read More

Basic Data Security, Passwords, and Entropy

An interesting chart is working its way around the internet showing that the number of serious data breaches in the US has soared from around 400 in 2007 to over 1,300 in 2017. The chart itself isn’t what’s interesting, because (a) the number of breaches is always rising and (b) a good half, or more, of breaches are unreported anyway. No, what’s interesting is that this chart should be newsworthy at all – to me, it is definitely a “dog bites man” kind of story. It makes perfect sense there are more breaches now than ever because there are more users, more devices, and more cybercriminals than ever. In ten years, there’ll be even more of all three. Read More

GDPR Countdown – 14 Weeks to Go

Among the mis/disinformation about GDPR readiness, I’ve noticed two trends. First, there are some who take a ho-hum approach to data security and advocate a wait-and-see approach to GDPR enforcement. That’s…that’s just a terrible idea, for reasons I hope are clear to you by now. The second trend is to go way too far in the other direction, and essentially argue that every company on earth will need to be fully GDPR compliant on May 25. I know, imagine it, something that’s not true made its way onto the internet. After predictions of doom, this latter group typically say that they are the solution to your woes, and make a strong pitch that you should hire them to be your Data Protection Officer (“DPO”), because the GDPR mandates that every company needs one, and only they can protect you. Read More