Where to start with GDPR compliance

(Jul 20, 2017) So, you have a pretty good idea that your company is going to fall within the reach of the EU General Data Protection Regulation, and you know that means you're likely going to have to change some things about your data handling and reporting capabilities. But what? And where do you begin? This 12-step checklist from the U.K. Information Commissioner's Office provides a good starting point, beginning with making sure people in your organization are aware of the change in the law and the kind of ... Read More

Matchup: GDPR and Hong Kong’s Personal Data (Privacy) Ordinance

(Jul 20, 2017) In this Privacy Tracker series, we look at laws from across the globe and match them up against the EU General Data Protection Regulation. The aim is to help you determine how much duplication of operational effort you might avoid as you move toward GDPR compliance and help you focus your efforts. In this installment, Alibaba Cloud's ShanShan Pa, CIPP/E, CIPP/US, CIPM, FIP, compares Hong Kong's Personal Data (Privacy) Ordinance with the GDPR. Hong Kong's ordinance came into effect just after the... Read More

Two new GDPR compliance assessment tools released

(Jul 20, 2017) In a company blog post, Microsoft announced the roll out of two new tools to help companies assess their compliance readiness for the EU General Data Protection Regulation. Its free GDPR benchmark assessment tool offers 26 questions to generate a downloadable report on an enterprise's compliance readiness. In a second tool offered through its Partner Network, Microsoft has also released a detailed GDPR readiness assessment tool that provides a more in-depth analysis of an organization's readines... Read More

GDPR matchup: Hong Kong’s Personal Data (Privacy) Ordinance

(Jul 20, 2017) In this Privacy Tracker series, we look at laws from across the globe and match them up against the EU General Data Protection Regulation. The aim is to help you determine how much duplication of operational effort you might avoid as you move toward GDPR compliance and help you focus your efforts. In this installment, Alibaba Cloud's ShanShan Pa, CIPP/E, CIPP/US, CIPM, FIP, compares Hong Kong's Personal Data (Privacy) Ordinance with the GDPR. The data protection law in Hong Kong is the Personal... Read More

Tech company releases consent management platform

(Jul 19, 2017) With companies ramping up for the forthcoming EU General Data Protection Regulation and eventual implementation of the proposed EU ePrivacy Regulation, Evidon has released a new consent-management platform, AdExchanger reports. The platform allows companies to apply a tag that gives consumers the ability to provide opt-in consent, see the data collected, and modify what is being tracked, the report states. Evidon CEO Scott Meyer said, "We've had ad tech companies come to us and say, 'How do we g... Read More

Democratic committee adopts encrypted messaging service

(Jul 18, 2017) The Democratic Congressional Campaign Committee has adopted encrypted messaging service Wickr for all internal communication and for communications between it and the 20 most vulnerable House incumbent campaigns, BuzzFeed News reports. The DCCC was victim last summer to a massive cyberattack in which thousands of its internal communications were made public. In some cases, individuals had their home addresses, cellphone numbers, personal files and opposition research released online. Editor's No... Read More

Communication failure slowed telco response to data breach

(Jul 18, 2017) A communications breakdown is to blame for a weeklong lag time in Verizon’s response following a recent incident that potentially could have affected 6 million customers, The Washington Post reports. Chris Vickery, the cybersecurity researcher who discovered the vulnerability that would have allowed access to anyone with a public link to the cloud storage of the data, had initially reported it via voicemail to a Verizon cyber team employee who was on vacation. A week later, he followed up with a... Read More

NetApp discusses the distinction between privacy and security

(Jul 18, 2017) NetApp Chief Privacy Officer Sheila Fitzpatrick recently spoke with ZDNet about the critical distinction between security and privacy, something she notes is an important recognition that companies need to take seriously. Fitzpatrick warns of the false assumption that some companies have in believing security measures can protect the collection of private information. "If you're encrypting data you're not legally allowed to have, security's not going to help you," she said. Fitzpatrick goes on t... Read More

Match Group consolidates privacy operations

(Jul 17, 2017) At last count, the dating site Match.com had regional versions in 25 countries, in at least eight languages. But its parent company, Match Group, is home to any number of other dating brands, including Meetic, Tinder, OkCupid, Twoo, PlentyOfFish and ParPerfeito, spanning more than 190 countries and 42 languages. That makes for a lot of privacy challenges. To address them, Match Group has consolidated privacy under one global leader, Idriss Kechida, CIPP/E. In this piece for The Privacy Advisor, ... Read More

IAPP Web con: '2017 Midyear Update: Incident Readiness and Identity Theft'

(Jul 17, 2017) The IAPP’s "2017 Midyear Update: Incident Readiness and Identity Theft" is now available for free download. Panelists Jerry Thompson, senior vice president at Identity Guard, and Craig Spiezle, chairman emeritus at the Online Trust Alliance, discuss the current state of play in the data breach and identity theft landscapes and how you can take practical steps to avoid a breach. Originally broadcast June 29, this free download is eligible for CPE credits.Full Story ... Read More