We All Care About Data Security, Except When We Don’t

It should be clear by now that we are most comfortable expressing our thoughts in the form of movie quotes, falling as we do into that demographic of Americans who believe that if you can’t say it with a gif from an 80s movie, you don’t need to say it at all. Really, it works… Read More

Key Takeaways from the International Conference of Data Protection and Privacy Commissioners

Last week, I attended the 40th ICDPPC in Brussels, which is the global meeting of all privacy and data security regulators.  The theme of the conference was “Debating Ethics,” and it was a deep dive into the interplay between digital commerce, regulation, and human dignity.  There were representatives from around the globe, of course, but… Read More

Data Quality, or “Garbage in, Garbage Out”

Another week, another series of massive data breaches.  Of the few we heard about in the last seven days, none are as concerning as Facebook’s breach involving more than 50 million user accounts.  Those are the kinds of numbers that, depending upon how the breach occurred, could incur a massive penalty at the hands of… Read More

GDPR Three Month Checkup (And Three Issues to Watch)

It’s been just about three months since the GPDR went into effect, it’s what makes sense for many people right now to be wondering just how the whole process is going. After all, it was all anyone in the media wanted to talk about for months leading up to May 25. Now? There doesn’t seem… Read More

Two (Really Bad) Approaches to Privacy

We’ve reached that time of year when everyone is basically in summer mode – non-work plans being made, last day of school or first day of camp lunches being packed, the inevitable first sunburn (for me, not the kids). It’s the time of year when there’s also a downshift in activity, and (even in the… Read More

Privacy is Everybody’s Business (Or Needs to Be)

It’s been a whirlwind few weeks since GDPR came into effect, and it seems that many people are learning about privacy rights for the first time. Plenty of them are making data subject access or deletion requests, including against the biggest players in the market. Even though there were years’ worth of stories about data… Read More

The Three Pillars of GDPR – Consistency (No. 3)

And so, at long last, the GDPR is the law, and we leave behind the relatively lower standards under the Data Protection Directive.  The Directive, which has been on the books for more than two decades, now passes into obsolescence, like beepers or, in Miami, traffic laws.  Now, we’ll all start to learn what the… Read More

The Three Pillars of GDPR – Security (No. 2)

There are 72 hours to go until GDPR Day (#privmas), and you can almost feel CISOs hoping that, if there’s going to be a breach, it happens today and not on Monday.  We noted once before that Andrea Jelinek, chair of the (very important) Article 29 Working Party deadpanned that “there will be a two… Read More

The Three Pillars of GDPR – Transparency (No. 1)

Two years ago, when the European Commission approved the GDPR and set an effective date for May 25, 2018, I thought “that is such a long time to wait.”  It was a choice out of keeping with American legislative methods, where Congress passes a law and maybe gives an effective date of the following January 1, but… Read More

GDPR Countdown – Three Weeks to Go

It’s May, which means we’re now in that frantic time period leading up to the GDPR where the biggest concerns loom largest. For some, that’s the documentary obligations under the Regulation, for others it is whether to hire a DPO, but it seems that everyone I talk to is worried about Article 20’s requirement for… Read More

GDPR Countdown – Four Weeks to Go

Living in Miami means we deal with hurricanes. For most Floridians, the response to a Category 1 or 2 storm is to buy enough food for a hurricane party and binge Netflix until the power goes out. A Category 3 means block the windows, and at a Category 4, we’re gone. The problem is that… Read More

GDPR Countdown – Five Weeks to Go

My kids have a tendency to throw rules of evidence around at one another when they’re arguing because, you know: lawyer kids. One of my favorite lines is “you have no evidence at all that I did that!” which is usually called out despite blatant, overwhelming proof to the contrary, like the culprit being covered in… Read More

GDPR Countdown – Six Weeks to Go

It’s easy to think about data as a depersonalized set of information that we can use for whatever purpose we want. But complying with GDPR will require a change of mind and a change of approach to data, and especially data subjects. Businesses that cannot navigate between unrestrained use of information and the lofty — and potentially unachievable — goals of the GDPR will struggle after May 25. How will you chart your course? Read More

GDPR Countdown – 9 Weeks to Go

So I’m buying some Under Armour shorts at Saks when I suddenly get a craving for Panera.

What a difference a week makes. With new breaches and investigations beginning seemingly every day (Under Armour, Saks, Panera, all in the last five days), it raises a critical, and practical, issue: how are regulators going to approach data security enforcement after May 25?

We’re entering the home stretch of the GDPR countdown now, with just about two months to go. At this point, you may or may not have realized that you need good advice about what to do and how to do it. Ideally, you’ve started the process of implementing a thoughtful data security plan (or have at least thought about thinking about it). Read More

Top Takeaways from the IAPP Global Privacy Summit 2018

Top 5 Takeaways from this year’s IAPP Data Privacy Summit (#GPS18). We’ve heard from regulators, industry leaders, and specialists in every topic from facial recognition to ethical use of data. It’s an incredible event, and one that every privacy professional should consider attending – the swag ain’t bad either. Read More

🎧 E8 Podcast: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness

Do you have cookies on your website?

Of course, you do! [In fact, almost every website in existence utilizes cookies now]

With GDPR on the way, the time to come into compliance is now, and the Ward brothers are interviewing a great SaaS solution Founder and CEO, Daniel Johannsen.

Mr. Johannsen explains how Cookiebot can analyze any site and identify the necessary changes to be compliant while ensuring a great user experience. Read More

GDPR Countdown – 15 Weeks to Go

I was working with my son on his homework last night, and before we began, I had to look in his backpack to find a pencil. I assumed it would be a fairly simple task: open a compartment and there it would be. In fact, it was a ten minute exercise of sorting through a nearly unbelievable assortment of items. His bag included (I’m not kidding), about twenty small heart-shaped erasers (a Valentine’s gift, no doubt), eight medium-large rocks, five small rubber balls, a Highlights magazine, two handfuls of pine tree bark, the entire Narnia series, and a fruit roll-up wrapper. Which brings me to the perfect analogy for how companies treat data. Read More

Are China’s Companies Ready for GDPR?

One of the most frequently discussed aspects of the GDPR is its global scope – if a data controller is established in the EU or if it markets its goods or services in the EU, then the Regulation generally applies. For the most part, practical and scholarly analysis has focused on how that will affect businesses in the United States. Given the drama surrounding the end of the Safe Harbor and the (likely) drama surrounding Privacy Shield, there’s no shortage of interesting things to say on EU-US data issues. Read More