With the IAPP’s PSR 2018 conference just around the corner (see you all in Austin, TX), I have started thinking more about the conference. Originally, I attended the IAPP Academy, before it became PSR, and it was very focused on learning for newer privacy pros. A lot of great conversations are had every year and the insight into different industries was excellent. However, there is one area that many people, specifically newly appointed privacy officers, had concerns about.
Building a program is difficult. Newly appointed privacy officers struggle to know what to do, when to do it, or what is or is not effective. Here at Privacy Ref, we recommend taking advantage of resources where you can. Free webinars or white papers can be incredibly advantageous and provide great insight. Where most difficulty arises is in the practical application of knowledge and training. Taking theory into practice is a big step.
One way I have found that works well is simple, table-top exercises. Having a group of privacy pros all together allows for you to run a table-top exercise, bouncing ideas off one another. You learn what to avoid, what pitfalls others have seen, and what was successful. Most importantly, it gives you an opportunity to learn from experiences of others, meaning you can be ready to implement or develop a program before having actually done so.
We have developed these kinds of exercises and started integrating them with our training. This allows us to provide the theory behind building a program, as well as the practicality of actually doing it. While there is always the unexpected outcome that may occur, being ready for as much as possible through training and exercises helps to alleviate some risk. If you want more information about Privacy Ref’s course, including our US Privacy Officer Readiness Training, visit our website.
Posted on October 2, 2018 by Ben Siegel
I recently read an article published on the Society for Human Resource Management’s website on the prevalence of biometrics in the employment context. Specifically, the author referenced a Spiceworks survey of IT professionals from February 2018 that provided, in my mind, surprising results.
Posted on September 21, 2018 by Kelly Cheary
My wife and I went to a favorite pizza place the other day. It is a small chain that has a loyalty program. The server, having seen us on a few other occasions, asked us if we wanted to sign up. All we needed to do was provide an email address, phone number, and name, then we would be good to go.
With many of us so busily focused on compliance with the European Union’s General Data Protection Regulation (“GDPR”) – and probably soon to be focused on the new California Consumer Privacy Act – it is easy to neglect (albeit inadvertently) other areas of the world. If you are a company with international operations or are collecting the personal information of non-EU foreign residents, this could be a costly mistake.
Since GDPR was introduced there’s been an upsurge in the number of tools that are available to help you manage your privacy environment. Over the past several weeks our clients have been taking a closer look at some of these, but often they find the number of tools out there that claim to be supportive of GDPR, and many of them are, to be a little confusing. While providing this support, many don’t necessarily match what our clients are looking for. So we provided a way to categorize the tools to make it easier for our clients to understand the privacy tools landscape.
Posted by Bob Siegel
Most of us have been wrapped up in GDPR preparations for several months. While there are many organizations “not quite there yet”, many others have made great strides towards compliance. As we continue to do assessments for clients, both GDPR and General Privacy, I have been surprised at the frequency of the gap between a privacy official’s description of their organization’s data subjects, information collected, and business processes and the reality of what is happening.
Starting January 1, 2020, if you are a for-profit company doing business in California, you may have new data privacy compliance obligations. Specifically, California just enacted the California Consumer Privacy Act of 2018 (the country’s strictest data privacy law to date), placing new privacy mandates on certain businesses with respect to the personal information of consumers (defined as natural persons who are California residents). Many aspects of the new law smack of EU-GDPR influences, such as a new and improved (in other words, broader) definition of personal information and the inclusion of guaranteed consumer rights with respect to such personal information. If your business is already in compliance with the EU’s GDPR, the California law will be nothing new to you. For other businesses, however, you have 18 months to get with the program.
Not one to sit idly, twiddling his thumbs while the digital world goes by unchecked, Max Schrems has struck again. As you may recall, Schrems, a young Austrian attorney who became the EU champion of privacy rights, was the driving force behind having the EU-US Safe Harbor rule nullified. Now, on May 25, 2018, his non-profit organization, NOYB (which is actually a slang acronym for “None of Your Business”), celebrated the official implementation of the GDPR by filing four separate complaints against the digital giants Google and Facebook (can you say “déjà vu”?), and two of Facebook’s subsidiaries, Instagram and WhatsApp.
During the IAPP’s most recent Privacy Summit, I was approached with an interesting question. “I am a privacy professional and I know why GDPR is important. I know about the fines and requirements for compliance, but few others at my company do. How do I explain GDPR to my colleagues effectively?” I responded with a quick and simple answer that probably did not cover all the bases, so I wanted to write up some deeper thoughts on the subject.
April 16, 2018
September 21, 2018