ResourceCenter

Original broadcast date: 22 July 2021  The California Privacy Rights Act comes into effect on January 1, 2023. Among its new requirements is a new data retention provision. Personal and sensitive information must be disposed of when its purpose has been fulfilled, and the organization must disclose the retention policy at the time of collection. Additionally, the data retention policies apply to data collected on or after January 1, 2022. Under CPRA, companies can no longer simply hold individuals’ personal data forever; they must have robust data retention and disposal practices. Read More

Original broadcast date: 21 July 2021  Explore the business impact of intelligent automation in privacy incident response with Mahmood Sher-Jan, founder and CEO of RadarFirst. As organizations embrace digital transformation, it is the automation of critical business functions — like the privacy risk assessment — that deliver the most tangible business value. Read More

The Information Technology and Innovation Foundation released a report on increasing prevalence of global barriers to international data transfers. Measures to localize data have spiked since 2017, with the number of countries restricting cross-border data flows jumping from 35 to 62 and overall restrictions from 67 to 144. The ITIF listed China, Indonesia, Russia and South Africa as the countries most restrictive on data flows. The group said policymakers should work to avoid data localization,... Read More

Original broadcast date: 15 July 2021  To address mounting existential data exploits, siloed security and privacy capabilities are giving rise to a more effective Security and Privacy Operations Center (SPOC), whose combined charter is to implement and enforce data protection technology and controls throughout the entire life cycle of personal, sensitive and regulated data, and throughout the entire enterprise. By working together, security and privacy teams can achieve more effective data governance enterprise-wide and positively affect multiple facets of their organization’s business operations. Duplicative, separate operations are inefficient, prone to issues and fast becoming an unworkable strategy. Read More

The Data Security Council of India published a handbook outlining best practices for implementing data protection into artificial intelligence technologies from the design stage. The handbook maps out key privacy-by-design principles for developers to consider, including transparency, accountability, mitigating bias, fairness, security and privacy. Additionally, developers are provided tools such as checklists, a compliance map and examples of data security techniques to aid proper implementatio... Read More

Original broadcast date: 13 July 2021  In this interactive discussion experienced privacy experts provided a high-level overview of differential privacy concepts and reviewed the increasing number of actual implementations. The recognizable names may surprise you! The session is practical in nature and provides useful information on what it takes to implement DP in your organization. Read More

According to Axios, the World Economic Forum and Deloitte released a report on how smart cities are faring with their digital transformation, highlighting some shortcomings on privacy and cybersecurity. The report, which looked at smart cities in 22 countries, shows less than 25% conduct privacy assessments for new technologies and a majority of cities have not designated a cybersecurity chief. "Cities today lack the basic building blocks to safeguard their interests and ensure the longevity of ... Read More

A paper written for the Global Privacy Assembly Digital Citizen and Consumer Working Group looks at the interactions between antitrust and privacy laws around the world. The paper is based on a review of more than 200 documents from agencies that enforce various laws. The goal of the report is to shine a spotlight on the complex relationship between privacy and antitrust and "deepen the shared understanding of antitrust and data privacy authorities regarding the many interactions between their d... Read More

The IAPP created a chart comparing the comprehensive data privacy laws in California, Virginia and Colorado. It provides an overview of each law’s requirements, highlighting their similarities and differences, to assist businesses looking ahead to a January 2023 operative date for Virginia’s Consumer Data Protection Act and the majority of the provisions in the California Privacy Rights Act and a July 2023 effective date for the Colorado Privacy Act. Read More

Original broadcast date: 29 June 2021  The cookie landscape is shifting, yet consent requirements are still critical. Google is working with the industry on its Google Privacy Sandbox for audience segmentation (FLoC) and bidding algorithms (FLEDGE) to address use cases after the removal of third-party cookies in its Chrome browser. Companies are actively exploring ways to engage consumers directly and build consumer trust. Although organizations will continue to need to meet cookie consent and universal consent requirements, it’s more critical than ever to pay closer attention to improving consumer trust.  Read More