There Definitely Won’t be a Federal Data Privacy Law. (Maybe. We’ll See.)

“There’s no way the federal government is going to create a federal privacy law.”  “It’s just not going to happen.”  “Not a chance, no way, forget it.”  “There isn’t a political will in Washington to get it done, and so we can all just assume that it’ll all be only the states issuing regulations for… Read More

GDPR Three Month Checkup (And Three Issues to Watch)

It’s been just about three months since the GPDR went into effect, it’s what makes sense for many people right now to be wondering just how the whole process is going. After all, it was all anyone in the media wanted to talk about for months leading up to May 25. Now? There doesn’t seem… Read More

An American (Well, Californian) GDPR

You’ve taken all the steps – shut down EU operations, turned off German language translation, and ceased taking Euros.  You canned the entire PR department in Dublin and moved your cloud storage from Charleroi to Sheboygan. You’ve even put up a giant American flag on the website. And just when you thought it was safe… Read More

The Scariest Data Breach So Far This Year

I could do a blog exclusively on data breaches because they happen so frequently that I’d never run out of material. Eight hours ago, the Supreme Court of India’s website was hacked, apparently by “HighTech Brazil Hackteam.” I imagine that they’re either a group of highly motivated lawyers or, given their logo, a group of very high teenagers. Read More

GDPR Countdown – Six Weeks to Go

It’s easy to think about data as a depersonalized set of information that we can use for whatever purpose we want. But complying with GDPR will require a change of mind and a change of approach to data, and especially data subjects. Businesses that cannot navigate between unrestrained use of information and the lofty — and potentially unachievable — goals of the GDPR will struggle after May 25. How will you chart your course? Read More

Recognizing the Risks of a Malicious Insider

Data security is a complicated thing, and it’s made much more complicated by the human element. The vast majority of breaches are a result of error, negligence, or intentional misconduct. And that misconduct isn’t always a hacker (invariably, he’s wearing a hoodie) – many times, it’s a malicious insider in your own company who steals or facilitates the theft of your crucial data. Understanding the risks of malicious insiders is a vital part of avoiding a breach, and being #datasmart. Read More