Odia Kagan

You need a data retention plan. No really.

And not just in the European Union. In California too.

Commission Nationale de l’Informatique et des Libertés (CNIL) has fined messaging platform

Continue Reading Make Sure You Have a Good Data Retention Plan. You Need It.

For deidentification under the traditional laws like HIPAA, removal of identifiers qualifies.

That was a key facet of what I discussed last week on an anonymization panel during the IAPP

Continue Reading Deidentification vs Anonymization: What Is Enough?

Employers should have in place a process to delete former employees’ information – including public facing information and photos – to meet their retention limitation requirements, according to the Belgian

Continue Reading Caveat Employer? In the EU and California, Employers Must Beware!

During its 44th Annual meeting in Istanbul, the Global Privacy Assembly (GPA) voted to admit the California Privacy Protection Agency (CPPA) as a full voting member.

The Global Privacy Assembly

Continue Reading California Privacy Protection Agency Admitted Into Global Privacy Assembly

The California Privacy Protection Agency has revised (again) the CPRA regulations.

There are several edits, including some clarifications and removals simplicity of implementation “at this time.” The regulations also double

Continue Reading Revised California Privacy Rights Act Regulations Are Out: What You Need to Know.