How to interpret GDPR, LGPD, and PIPL when choosing Data Protection Officers?

Two recently passed data privacy laws impact the selection of Data Protection Officers, but provide varying degrees of specificity on the subject: the Chinese Personal Information Protection Law (PIPL) and the Brazilian General Data Protection Law (LGPD). Since both laws share similarities with t...

WhatsApp paying 225 Million Euro Fine

Earlier today, the Irish Data Protection Commission (DPC) announced a 225 million euro fine against WhatsApp. As many know, WhatsApp is owned by Facebook and this fine was targeted at the transparency of WhatsApp’s processing activities. In some ways, this even mirrors Cambridge Analytica from 20...

What’s in a name (or Why Privacy Ref)

An important decision when starting a company is the name. Many people have asked me “why Privacy Ref?” There are actually four reasons the name was chosen.

Dungeons and Data Breaches

It is no mystery that I am a fan of most nerdy things, most of all table-top games like Dungeons and Dragons. Interestingly, the skills necessary to play such games intersect quite often with the skills necessary to build an effective privacy program. Whether it is teamwork, preparation, or knowl...

Exposing Employee Personal Information (Unintentionally)

Before COVID, my wife and I tried to get out for lunch together at least once a week (when I was not on the road). Today we went to one of our favorite lunch restaurants and found a surprising sign when we approached the hostess to be seated.

Databreach or Ransomware?

An interesting point about ransomware was made to me after my most recent quarterly breach webinar. Essentially, the statement noted that ransomware is not the same as a data breach. While this is technically true for the most part, there is enough relevant overlap in the implications of other ...

In-person training is back!

COVID is not over, but life is returning to what is being called “normal”. I’m looking forward to traveling, seeing my family, eating in restaurants, going to the movies, and returning to working with people face-to-face. Professionally, I miss teaching in person.

How much personal data did your cup of coffee cost you today?

A simple trip to your local coffee shop or visit to their website to browse or place a pick-up order can lead to divulging more personal information than you may have intended. Starting an account, signing up for a rewards program or simply completing a transaction will have you literally giving ...

Making Privacy Impact Assessments less of a PIA

Every day I speak with clients about a number of different privacy-related matters. However, the one that has become most prominent is setting up or running privacy impact assessments. PIAs are a tool used to identify the potential privacy risk from any existing or proposed activity, product, sys...

Let’s talk about HIPAA

Do you know what HIPAA stands for? What does HIPAA protect? Are there any exemptions? Watch this short video to get the answers.
Privacy-trained employees are an asset!