Additional News and Resources
How to manage insider threats without violating privacy laws
The idea of an "insider threat" is becoming a key issue in companies' business risk management, and data privacy requirements have a significant impact on the mitigation measures companies can take against inadvertent and malicious threats. While organizations are fundamentally interested in mitigating insider threat-related risks to information security, IT and compliance professionals must be aware of competing legal requirements and compliance issues to be able to effectively mitigate those r...
Does the CCPA regulate internal transfers?
Getting ready for the California Consumer Privacy Act is a priority for most U.S. organizations in 2019. From reviewing vendor contracts to updating privacy policies and data maps, seasoned privacy professionals are familiar with this exercise, as they have significant muscle memory built in from past compliance heavy lifts, such as the EU General Data Protection Regulation. However, little attention has been placed on the effects of the CCPA on intragroup data transfers, and many assume the act...
How to draft a GDPR-compliant retention policy
Data minimization, storage limitation, records of processing activities and requirements for providing information and access to personal data under the EU General Data Protection Regulation all have one thing in common: You need to be able to clearly define the period for which personal data will be stored or, if not possible, criteria to determine that period. Most organizations implementing the GDPR consider retention policies or retention rules necessary to achieve this. At first it seems a...
Building a program? Better get your internal audit game right
It can be challenging for a business to correctly identify its unique privacy risks and the sufficiency of any safeguards in place to manage those risks. That’s where a well-developed internal-audit function is essential, writes Sara van Spronsen in this exclusive for The Privacy Advisor. “Without the independence, skills and expertise, and cross-border abilities of a well-developed internal audit function, an organization may find itself struggling to provide the necessary substance to back its...