Who’s Afraid of a Data Breach?

One curious effect of the commonness of data breaches is that we’ve become inured to shock.  It used to be that a sizeable data breach was big news, certainly if the data lost or accessed was of a sensitive nature.  Remember the Target data breach in 2013?  It dominated news cycles for weeks, largely because… Read More

Getting Bad Advice

The Internet is a risky place for “expertise.”  Because it is both a platform and a megaphone, it creates its own multiplier effect for whatever you put into it.  If the arguments of the last few years have proven anything, it’s that even a poorly concocted lie spreads far faster than a well-explained truth, largely… Read More

How to Protect Your Data in a Data Partnership – from “Data Leverage”

We spend an enormous amount of time talking about the benefits of data partnerships but, of course, they aren’t without their risks.  No one enters into a business relationship assuming that everything will go exactly as planned (without serious problems later, anyway).  But how do you identify ways to protect your business, your data, and… Read More

The Undefended Principles of a Free Internet

For most of us who remember a time before widespread access to the Internet (it was mostly Donald Duck games on your Commodore), going online was a decidedly American-feeling affair.  One could be forgiven the thought, given that the largest internet service provider for years was… America Online.  And, largely, that tracked the history and development… Read More

The World’s Toughest Internet Law?

It seems that every time we turn around, there’s new data or Internet legislation on the table that the media describes along the lines of “similar to the GDPR,” or “GDPR-like.”  It makes sense, of course, given that the GDPR is the most important legislation on privacy in several generations, though it can blur some… Read More

The Seven Deadly (Data Privacy) Sins

One of the questions we hear most frequently is “what are we doing wrong?”  We almost always try to flip that question around into “what can we do better,” because we’re big believers in the notion that providing goals, rather than chastising, creates the right kind of mindset about data privacy and managing a data… Read More

FTC’s Privacy Report Card

It’s that time of year again – the FTC has released its report on enforcement activity in 2018, including its efforts at enforcing privacy promises.  It was, as you might expect, a busy year, with major proceedings instituted against a number of high-profile entities like Uber, PayPal, and Facebook.  Although the total amount in fines… Read More

Zuckerberg Breaks the Internet

Facebook is a paradox.  I don’t know of anyone, anymore, who says that they love the platform or that it delivers them meaningful connections to others.  Addicted?  Sure.  Attached to the convenience of a simple format for communication?  Yeah, that too.  But genuinely happy with what Facebook is and how it delivers its product?  Nope. … Read More

Data Leverage: Unlocking the Surprising Growth Potential of Data Partnerships

We are proud to announce the release of our book, Data Leverage: Unlocking the Surprising Growth Potential of Data Partnerships.  This book, which outlines our approach to establishing partnerships, sharing data, and protecting data assets, is a single-source guide for what we believe the most important aspects of data management programs are.  We could not be… Read More

We All Care About Data Security, Except When We Don’t

It should be clear by now that we are most comfortable expressing our thoughts in the form of movie quotes, falling as we do into that demographic of Americans who believe that if you can’t say it with a gif from an 80s movie, you don’t need to say it at all. Really, it works… Read More

Data Quality, or “Garbage in, Garbage Out”

Another week, another series of massive data breaches.  Of the few we heard about in the last seven days, none are as concerning as Facebook’s breach involving more than 50 million user accounts.  Those are the kinds of numbers that, depending upon how the breach occurred, could incur a massive penalty at the hands of… Read More

Own Goals and Cups of Coffee

We’ve spent a good deal of time here talking about the risks of data breaches and how to create structures that help prevent them. We’ve even talked about common kinds of breaches and what they mean for your business. But, of course, no matter how much we talk about this stuff, there’s a never-ending supply of… Read More

Two (Really Bad) Approaches to Privacy

We’ve reached that time of year when everyone is basically in summer mode – non-work plans being made, last day of school or first day of camp lunches being packed, the inevitable first sunburn (for me, not the kids). It’s the time of year when there’s also a downshift in activity, and (even in the… Read More

Lessons from Facebook and Fortnite

The news just has not been kind to Facebook the last three months. First the Cambridge Analytica scandal breaks, then the company runs those wrong-footed commercials (“Sorry for selling access to your data and, you know, for stuff like Brexit”), and now comes the revelation that the apologies needed to go much deeper. Despite an… Read More

The Three Pillars of GDPR – Security (No. 2)

There are 72 hours to go until GDPR Day (#privmas), and you can almost feel CISOs hoping that, if there’s going to be a breach, it happens today and not on Monday.  We noted once before that Andrea Jelinek, chair of the (very important) Article 29 Working Party, deadpanned that “there will be a two… Read More

The Scariest Data Breach So Far This Year

I could do a blog exclusively on data breaches because they happen so frequently that I’d never run out of material. Eight hours ago, the Supreme Court of India’s website was hacked, apparently by “HighTech Brazil Hackteam.” I imagine that they’re either a group of highly motivated lawyers or, given their logo, a group of very high teenagers. Read More

Recognizing the Risks of a Malicious Insider

Data security is a complicated thing, and it’s made much more complicated by the human element. The vast majority of breaches are a result of error, negligence, or intentional misconduct. And that misconduct isn’t always a hacker (invariably, he’s wearing a hoodie) – many times, it’s a malicious insider in your own company who steals or facilitates the theft of your crucial data. Understanding the risks of malicious insiders is a vital part of avoiding a breach, and being #datasmart. Read More

Are China’s Companies Ready for GDPR?

One of the most frequently discussed aspects of the GDPR is its global scope – if a data controller is established in the EU or if it markets its goods or services in the EU, then the Regulation generally applies. For the most part, practical and scholarly analysis has focused on how that will affect businesses in the United States. Given the drama surrounding the end of the Safe Harbor and the (likely) drama surrounding Privacy Shield, there’s no shortage of interesting things to say on EU-US data issues. Read More

Ransomware and Data Security

Last year, I gave a presentation where we discussed ransomware, and how it was a growing industry for cybercriminals.  Ransomware is, well, a lot like what it sounds like: malware that locks your data and holds it for a ransom.  You pay (often in bitcoin), or the data is wiped forever.  Ransomware is simple to deploy, easily spread (think: WannaCry), and profitable.  It’s also far more common than you may think: the FBI says that many attacks go unreported, often because companies don’t want to disclose that they’ve been breached. Read More