How to manage, monitor and validate third-party data sharing

(Sep 19, 2019) When companies manage how personal data is shared and transferred to third parties, much of the effort lately has been focused on bringing legal contracts in line with requirements under the EU General Data Protection Regulation and now, increasingly, the California Consumer Privacy Act.  How can organizations effectively ensure they have the requisite data knowledge to validate data flows and the purpose of processing, as well as monitor data transfers to flag when personal data is going where... Read More

Spain's DPA releases guidance on data processing for wellness, education apps

(Sep 19, 2019) The Spanish Agency for Data Protection published guidance for education and wellness applications that process personal data. The guidance is not only intended for the organizations that are responsible for processing the data, but also for the developers of the apps. The DPA’s document identifies practices that may negatively impact user privacy and solutions and alternatives to avoid such behavior. The AEPD and Polytechnic University of Madrid analyzed the 10 most-popular wellness and educatio... Read More

A new global guide for implementing the CCPA

(Sep 19, 2019) The California Consumer Privacy Act is the most sweeping privacy law in the United States and rivals the EU General Data Protection Regulation in terms of the shift it will require in mindset and business for organizations processing personal information about California residents. Businesses must begin preparing — and rapidly — for the statute. To help, Perkins Coie Partner Dominique Shelton Leipzig, CIPP/US, has written "Implementing the CCPA: A Guide for Global Business" to help the person wh... Read More

How to balance third-party data sharing and compliance requirements

(Sep 19, 2019) When companies manage how personal data is shared and transferred to third parties, much of the effort lately has been focused on bringing legal contracts in line with requirements under the EU General Data Protection Regulation and now, increasingly, the California Consumer Privacy Act. BigID Head of Product Nimrod Vax looks at how organizations can balance sharing data with third parties to ensure they stay on top of compliance requirements while not standing in the way of business initiatives... Read More

CNIL updates no-deal Brexit FAQ

(Sep 19, 2019) France’s data protection authority, the CNIL, updated its frequently asked questions page on how organizations should handle data transfers between the EU and the U.K. in the event of a no-deal Brexit, according to a post on Hunton Andrews Kurth's Privacy & Information Security Law Blog. The CNIL recommends companies identify processing activities that involves data transfers to the U.K., determine the proper transfer mechanism for those activities, and ensure they are in place and effective... Read More

Design considerations for building privacy-protecting analytics services

(Sep 18, 2019) If data is the new oil, then analytics are the new refinery without which any modern business is unable to make informed decisions. However, data analytics and privacy are seldom assumed to go together. If media reports and regulatory actions are any indication, services and platforms that utilize or enable analytics have consistently been under scrutiny in terms of meeting reasonable privacy expectations. Conflict between data analytics and privacy Whether the issues are related to adequate p... Read More

How data analytics and privacy can coexist

(Sep 18, 2019) "If data is the new oil, then analytics are the new refinery without which any modern business is unable to make informed decisions," writes Mode Analytics Head of Security and Privacy Rafae Bhatti, CIPP/US, CIPM. "However, data analytics and privacy are seldom assumed to go together. If media reports and regulatory actions are any indication, services and platforms that utilize or enable analytics have consistently been under scrutiny in terms of meeting reasonable privacy expectations." In thi... Read More

Web con: 'How Privacy Tech Is Bought and Deployed'

(Sep 18, 2019) For the second straight year, the IAPP and TrustArc released their survey on how privacy technology products are purchased and deployed within an organization. Join the IAPP Oct. 15 for this sponsored web conference to learn about the key takeaways from the survey, including what technology is commonly used versus solutions that are far from the mainstream, the tools that are better suited for the privacy officer rather than in information technology or infosecurity, and how technologies with bu... Read More

OTA puts privacy notices against GDPR, CCPA, PIPEDA

(Sep 18, 2019) The Internet Society’s Online Trust Alliance examined 1,200 privacy notices to see whether companies are compliant with existing and upcoming privacy laws. The OTA looked at 29 categories within the privacy notices and matched them with requirements found within the EU General Data Protection Regulation, Canada’s Personal Information Protection and Electronic Documents Act and the upcoming California Consumer Privacy Act. The OTA found less than 1% of privacy notices had languages about which th... Read More

Video: 'Women Who Inspire: A Career Panel with IAPP Leaders'

(Sep 16, 2019) An increasing percentage of chief privacy officers and chief information officers are women. As part of its Women Leading Privacy Section, the IAPP had three of its leaders discuss their experiences and challenges in the fields of government, law and technology. IAPP Senior Privacy Fellow Caitlin Fennessy, CIPP/US, General Counsel, Research Director and Data Protection Officer Rita Heimes, CIPP/E, CIPP/US, CIPM, and Vice President and Chief Technology Officer Cathy Scerbo offer their advice on d... Read More