Where to start with GDPR compliance

(Jul 20, 2017) So, you have a pretty good idea that your company is going to fall within the reach of the EU General Data Protection Regulation, and you know that means you're likely going to have to change some things about your data handling and reporting capabilities. But what? And where do you begin? This 12-step checklist from the U.K. Information Commissioner's Office provides a good starting point, beginning with making sure people in your organization are aware of the change in the law and the kind of ...

Democratic committee adopts encrypted messaging service

(Jul 18, 2017) The Democratic Congressional Campaign Committee has adopted encrypted messaging service Wickr for all internal communication and for communications between it and the 20 most vulnerable House incumbent campaigns, BuzzFeed News reports. The DCCC was the victim last summer of a massive cyberattack in which thousands of its internal communications were made public. In some cases, individuals had their home addresses, cellphone numbers, personal files and opposition research released online. Editor's No...

Podcast: Working for Obama taught this pro how to push policy

(Jul 14, 2017) Dipayan Ghosh has had a pretty interesting privacy career already, and he’s not yet 30 years old. He worked under the Obama administration in the Office of Science and Technology Policy as an advisor. Like, that was his first job. He later went to Facebook, and now he has earned himself a fellowship at New America, a D.C.-based think tank. In this episode of The Privacy Advisor Podcast, Ghosh talks about the ways in which his time at the White House helped him understand what kind of leaders are...

The Privacy Advisor Podcast: Dipayan Ghosh on the kind of leaders who can push smart public policy

(Jul 14, 2017) Dipayan Ghosh has had a pretty interesting privacy career already, and he’s not yet 30 years old. He worked under the Obama administration in the Office of Science and Technology Policy as an advisor. He later went to Facebook, and now he’s earned himself a fellowship at New America, a D.C.-based think tank, as part of its recently launched public interest technology team. In this episode of The Privacy Advisor Podcast, Ghosh talks about the ways in which his time at the White House helped him u...

Series: Benchmarking your privacy incident management program

(Jul 12, 2017) This series written for The Privacy Advisor by the team at Radar is about establishing program metrics and benchmarking your privacy incident management program. Radar provides purpose-built software designed to guide users through a consistent, defensible process for incident management and risk assessment. A significant volume of incidents involving regulated personal data is processed through the Radar platform, and that number grows every day. The Radar team will provide analysis of data inc...

Lessons from recent ransomware attack on law firm

(Jul 5, 2017) Corporate Counsel offers a look at what lessons can be learned from a recent ransomware attack on law firm DLA Piper. According to a Legaltech News report, the firm's phone and computer systems went down, allegedly as a result of an attack similar to the recent WannaCry incidents that affected organizations around the world. The incident should serve as a reminder to in-house lawyers to be more careful about securing their data. Larry Ponemon, who has worked with DLA Piper as a consultant, said,...

Consent Receipt API

(Jun 23, 2017) This open source code for a consent receipt API was developed by the Kantara Initiative Consent and Information Sharing Work Group.

OCR releases checklist for proper responses to health care cyberattacks

(Jun 12, 2017) The U.S. Department of Health and Human Services Office for Civil Rights released a “Quick-Response Checklist” to help remind health care organizations of the proper ways to respond to a cyberattack, HealthITSecurity reports. Executing response and mitigation procedures and contingency plans are among the subjects covered in the checklist. “The entity should also take steps to mitigate any impermissible disclosure of protected health information, which may be done by the entity’s own information ...

Tensions run high at parliamentary counter-terrorism hearing

(Jun 5, 2017) A May 25 exclusive for The Privacy Advisor reported how a hearing of the U.S. Senate Judiciary Committee's Subcommittee on Crime and Terrorism was concerned that privacy laws, in particular, the GDPR, would make preventing crime difficult for law enforcement. Four days later, the European Parliament’s civil liberties committee tackled the same issue, and tensions rose at the “High-Level Expert Group on Information Systems and Interoperability,” as MEPs accused EU Counter-Terrorism Coordinator Gi...

Gigya offers new GDPR-compliance program

(Jun 2, 2017) The countdown to the EU's General Data Protection Regulation implementation date is now less than a year away. With organizations around the world pushing to ensure they are GDPR compliant, a deluge of products has been released aimed at helping companies avoid the legislation’s massive financial penalties. One of those products seeking to stand out among this wave is Gigya’s Privacy by Design Program, which is broken into five steps for companies to incorporate the core tenets of the GDPR into ...