I had promised Bob that I would take the CIPP/US exam “before the end of 2022” and pushed that to the limit. On December 27th, I took the exam and passed. Lots of people ask for advice on how to study, what to study, or tips for taking the test itself. I cannot share actual […]
We want training to be something that our participants can enjoy. We also know it takes a surprising amount of energy to pay attention to something that may not be front of mind. How is someone supposed to pay attention to the updated data retention policy when they have an email campaign starting this week?
Should training be “fun”? Read More »
You\’ve created a data inventory, you\’ve mapped your processes, and researched the laws and regulations that are applicable to your business. Not surprisingly, there are some gaps between your practices and the legal requirements. Now what do you do?
Achieving Operational Compliance: Analyzing the Gaps Read More »
And how does it affect my marketing activities? Opt-out mechanisms for consumers For companies engaged in direct marketing activities, the opt-out mechanism is a known and growing complicating element. The Attorney General’s decision in the Sephora Case has resulted in the Global Privacy Control increasingly becoming a mechanism that businesses must respect on their websites.
Is there a National Do Not Mail List? Read More »
It has been no secret that I am a nerd. One place my inner nerd particularly surfaces is my love of board games. From your most basic game of Scrabble, in depth games of Catan, or diving deep into a euro-game with an encyclopedia sized rulebook, I am ready to go. There is a lot
Learning From Nerds: Please Read the Rules Read More »
The privacy legal landscape is rapidly changing. Many jurisdictions are considering or are about to enforce new legislation for the protection of personal information with varying requirements. Once the laws are enacted, regulatory authorities than interpret the requirements which may impact what organizations must do to comply. Recognizing the passage and enforcement of a new
Achieving Operational Compliance: The Law is Just the Start Read More »
When new technologies arrive on the scene, there is a rush to use them everywhere. Bluetooth technology led to including it in almost any new product regardless of whether it actually adds anything. Internet connectivity has also seen a similar reaction; most notably I recall a juicer that was connected to the internet leading to
How does the draft US federal privacy bill measure up to the GDPR? Months after the \”agreement in principle” between the EU and the US for a new \’Trans-Atlantic Data Privacy Framework,\’ a draft federal data privacy bill has been proposed by US Congress members. The question remains whether the US bill will stand up
New US federal data privacy bill review Read More »
How does the new Connecticut Data Privacy Act compare to other state laws? Both the Connecticut House of Representatives and Senate have approved the new Connecticut Data Privacy Act (CTDPA) as of April 28. From a thorough review, the bill seems to be stronger than some other recent state privacy laws. I took the time
Connecticut Privacy Law Review Read More »
In my last webinar about privacy impact assessments, there were some questions about risk and how to rank it. There are several ways to determine risk rankings as well as what a risk actually is. Most important is experience with various situations and in a number of different verticals in order to understand what risks
