You need a data retention plan. No really.
And not just in the European Union. In California too.
Commission Nationale de l’Informatique et des Libertés (CNIL) has fined messaging platform
Continue Reading Make Sure You Have a Good Data Retention Plan. You Need It.
For deidentification under the traditional laws like HIPAA, removal of identifiers qualifies.
That was a key facet of what I discussed last week on an anonymization panel during the IAPP
Continue Reading Deidentification vs Anonymization: What Is Enough?
Employers should have in place a process to delete former employees’ information – including public facing information and photos – to meet their retention limitation requirements, according to the Belgian
Continue Reading Caveat Employer? In the EU and California, Employers Must Beware!
While speaking recently at the Nordic Privacy Arena in Sweden, I offered Nordic companies seven things they should think about when doing business in the United States.
For your reading
Continue Reading 7 Things Nordic Companies Should Think About When Doing Business in the US
I was lucky enough to give the keynote this week at the InfoGov World conference in San Diego.
Between panels and speeches, I came up with these seven hot topics
Continue Reading Data Protection Professionals Like it Hot: 7 Hot Topics and Trends in Data Privacy Today
Does vehicle service data for services performed on a vehicle while owned by a previous owner belong to the new owner and need to be provided as part of a
Continue Reading Does Vehicle Service Data “Relate to an Identifiable Individual?” Finland DPA Says It’s Complicated
During a recent webinar hosted by The Chicago Bar Association, some other panelists and I made some predictions about the future of data privacy.
What is on the horizon?
California Attorney General Rob Bonta has issued statement about protecting health data in mobile apps in view of the upcoming SCOTUS decision in Dobbs. In the process, he also signaled
Continue Reading Keep Your Health Data Secure. And Your App-Hosted Health Data Securer.
The old saying went that “if you don’t want it on the front page of the newspaper, don’t put it in an email.” Well, if you don’t want to produce
Continue Reading If You Don’t Want It Released to an Employee, Don’t Put It in Your Employee Files
Let’s say you are an EU company. You engage a processor. Data is processed in the EU. There is no transfer.
But in the processor-sub-processor data processing agreement, the data
Continue Reading Where Is a Transfer? Datatilsynet Says Almost Everywhere!