Thinking through ACL-aware data processing

(Jul 17, 2019) Large cloud computing services are generally run for multiple users. In a few cases, all the data processed by that service is public. In virtually all cases, users have an expectation that some of the information about them is kept private. Even if the data store itself is public, logs about access to that data are generally not. Keeping each person’s information separate is most simple in the primary data stores, where each object can easily have its own access control list. Once we step into... Read More

Tech talk: Exploring ACL-aware data processing

(Jul 17, 2019) Large cloud computing services are generally run for multiple users. In a few cases, all the data processed by that service is public. In virtually all cases, users have an expectation that some of the information about them is kept private. Even if the data store itself is public, logs about access to that data are generally not. Keeping each person’s information separate is most simple in the primary data stores, where each object can easily have its own access control list. However, most clou... Read More

TrustArc CEO discusses future following $70M funding round

(Jul 17, 2019) As the global regulatory landscape continues to change, privacy technology has become an important commodity to assist businesses in their compliance efforts. Investors have picked up on this shift and started to look at which privacy tech vendors can help them break into the market. This interest has recently surged after several tech vendors received some notable investments that have left them flush with cash. TrustArc was one of the companies to benefit from the windfall. The organization... Read More

Web con: 'Your Guide to Understanding & Operationalizing the Privacy by Design Framework'

(Jul 16, 2019) Global interest in privacy has led to a surge in privacy legislation, and organizations of all sizes find themselves in the position of having to implement and maintain compliance with regulations filled with regional peculiarities. Privacy by design and its EU version, data protection by design, can be effective starting points for de-facto “common denominator” policies that are compatible with a large number of privacy frameworks. Join the IAPP July 26 for this web conference in which privacy ... Read More

Dutch DPA issues first fine for GDPR violations

(Jul 16, 2019) The Dutch data protection authority, Autoriteit Persoonsgegevens, issued its first fine for violations of the EU General Data Protection Regulation to Haga Hospital, DutchNews.nl reports. The AP issued a 460,000 euro penalty to the hospital after the agency determined it did not have the proper measures in place to protect patients’ information. The AP’s investigation came after it was discovered staff members illicitly accessed the records of a TV star. Should Haga Hospital not improve its sec... Read More

Global Data Breach Notification Law Library

(Jul 16, 2019) This free tool from RADAR allows users to access a library containing hundreds of global privacy laws, rules, and regulations to stay current on existing and proposed legislation. Features in this tool include: Interactive maps to quickly identify notification laws pertaining to a designated U.S. state. Up-to-date overviews of global breach notification laws and all 50 U.S. state regulations. Incident risk assessment and data breach reporting requirements - as well as penalties for non-comp... Read More

So the Facebook fine is $5B: Does that change anything?

(Jul 15, 2019) Ever since news leaked Friday that the U.S. Federal Trade Commission had fined Facebook $5 billion over violations of its 2011 consent decree with the agency, the Twitterverse has been in a tizzy. There are those who cite it's the highest privacy enforcement fine in the FTC's history, and there are those who say $5 billion is a drop in the bucket to a company as rich as Facebook and therefore indicates a failure on the FTC's part to enforce consumer privacy. While there's merit in debating wheth... Read More

So the fine is $5B: Does that change anything?

(Jul 15, 2019) Ever since news broke that Facebook told its shareholders to prepare for a $5 billion fine from the U.S. Federal Trade Commission over violations of its 2011 consent decree with the agency, the Twitterverse spun into varied but equally strong reactions on two sides. There are those who cite it's the highest privacy enforcement fine in the FTC's history, and that ain't nothing. And there are those who say $5 billion is a drop in the bucket to a company as rich as Facebook and therefore indicates ... Read More

Notes from the IAPP Editorial Director, July 12, 2019

(Jul 12, 2019) Greetings from a humid Portsmouth, New Hampshire! After a brief vacation and holiday break, I was welcomed back this week with a 1-2-3 punch for privacy news. Though not strictly related to the U.S., the U.K. Information Commissioner's Office essentially kicked off "GDPR 2.0" by notifying the public of its intent to fine British Airways $230 million and Marriott International $130 million for alleged GDPR violations. After many of you spent years preparing for the regulation, and followed a fai... Read More

Tech vendor investments spring as GDPR fines emerge

(Jul 12, 2019) It is no coincidence that OneTrust’s announcement of a $200 million Series A investment, which values the 2016-founded privacy tech vendor at $1.3 billion, came on the heels of the U.K. Information Commissioner’s notice of intent to fine Marriott International and British Airways $130 million and $230 million respectively under the EU General Data Protection Regulation, IAPP Vice President and Chief Knowledge Officer Omer Tene writes. OneTrust is not the only privacy tech vendor to receive a rec... Read More