With the IAPP’s PSR 2018 conference just around the corner (see you all in Austin, TX), I have started thinking more about the conference. Originally, I attended the IAPP Academy, prior to becoming PSR, and it was very focused on learning for newer privacy pros. A lot of great conversations are had every year and the insight into different industries was excellent. However, there is one area that many people, specifically newly appointed privacy officers, had concerns about.
Posted on October 2, 2018 by Ben Siegel
I recently read an article published on the Society for Human Resource Management’s website on the prevalence of biometrics in the employment context. Specifically, the author referenced a Spiceworks’ survey of IT professionals from February 2018 that provided, in my mind, surprising results.
Posted on September 21, 2018 by Kelly Cheary
My wife and I went to a favorite pizza place the other day. It is a small chain that has a loyalty program. The server, having seen us on a few other occasions, asked us if we wanted to sign up. All we needed to do was provide an email address, phone number, and name, and then we would be good to go.
With many of us so busily focused on compliance with the European Union’s General Data Protection Regulation (“GDPR”) – and probably soon to be focused on the new California Consumer Privacy Act – it is easy to neglect (albeit inadvertently) other areas of the world. If you are a company with international operations or are collecting the personal information of non-EU foreign residents, this could be a costly mistake.
Since GDPR was introduced there’s been an upsurge in the number of tools that are available to help you manage your privacy environment. Over the past several weeks our clients have been taking a closer look at some of these, but often they find the number of tools out there that claim to be supportive of GDPR, and many of them are, to be a little confusing. While providing this support, many don’t necessarily match what our clients are looking for. So we provided a way to categorize the tools to make it easier for our clients to understand the privacy tools landscape.
Posted by Bob Siegel
Most of us have been wrapped up in GDPR preparations for several months. While there are many organizations “not quite there yet”, many others have made great strides towards compliance. As we continue to do assessments for clients, both GDPR and General Privacy, I have been surprised at the frequency of the gap between how a privacy official describes their organization’s data subjects, information collected, and business processes and the reality of what is happening.
Starting January 1, 2020, if you are a for-profit company doing business in California, you may have new data privacy compliance obligations. Specifically, California just enacted the California Consumer Privacy Act of 2018 (the country’s strictest data privacy law to date), placing new privacy mandates on certain businesses with respect to the personal information of consumers (defined as natural persons who are California residents). Many aspects of the new law smack of EU-GDPR influences, such as a new and improved (in other words, broader) definition of personal information and the inclusion of guaranteed consumer rights with respect to such personal information. If your business is already in compliance with the EU’s GDPR, the California law will be nothing new to you. For other businesses, however, you have 18 months to get with the program.
Not one to sit idly, twiddling his thumbs while the digital world goes by unchecked, Max Schrems has struck again. As you may recall, Schrems, a young Austrian attorney who became the EU champion of privacy rights, was the driving force behind having the EU-US Safe Harbor rule nullified. Now, on May 25, 2018, his non-profit organization, NOYB (which is actually a slang acronym for “None of Your Business”), celebrated the official implementation of the GDPR by filing four separate complaints against the digital giants Google and Facebook (can you say “déjà vu”?), and two of Facebook’s subsidiaries, Instagram and WhatsApp.
During the IAPP’s most recent Privacy Summit, I was approached with an interesting question. “I am a privacy professional and I know why GDPR is important. I know about the fines and requirements for compliance, but few others at my company do. How do I explain GDPR to my colleagues effectively?” I responded with a quick and simple answer that probably did not cover all the bases, so I wanted to write up some deeper thoughts on the subject.
April 16, 2018
March 15, 2019
I’m trying to work through some thoughts about how companies repeatedly take advantage of consumers’ privacy in the US. The latest being TikTok, a video sharing app acquired from musical.ly, which has agreed to pay $5.7 million to settle allegations that it collected personal information from children – a violation of COPPA or the Children’s Online Privacy Protection Act. Of note, TikTok is a $75 billion – with a B – dollar startup. In GDPR terms, the maximum fine for egregious behavior could be 4% of gross revenues or in TikTok’s case $3 billion – with a B – dollars, which is a far cry from the fine that the FTC assessed for their alleged COPPA violations (FTC’s largest ever COPPA fine).
March 13, 2019
Recently, the US Congress met to discuss privacy protections from the perspective of a federal regulation. One of the most discussed topics was GDPR and whether it works or not. A lot was said, and I was pretty disappointed with the overall lack of nuance with regards to understanding what privacy is about from sitting politicians. That said, I want to go over some of the arguments.