California – New Data Security Requirements For Manufacturers Of Connected Devices


Effective January 1, 2020, according to a new Cal. Civ. Code § 1798.91.04(a), manufacturers of connected devices offered for sale or sold in California must equip such devices with reasonable security features to protect the device and any information contained in them from unauthorized access, destruction, use, modification, or disclosure. Unlike the GDPR and other data … Read more

Reasonable Retention Of Personal Information: The Compliance Advantage Of Risk-Based Policies And Procedures For Information Governance


A recent privacy breach case in Canada offers practical guidance for organizations anywhere to avoid the over-retention of personal data. A May 2017 Order from the Office of the Information and Privacy Commissioner of Alberta provides new insight into the requirement under section 35 of the Personal Information Protection Act to retain personal information only as … Read more

New California Data Security And Breach Notification Requirements For 2016


Businesses and government entities have been subject to data security breach notification requirements under California law for decades. In 2002, California was the first country worldwide to pass a law requiring businesses and agencies to notify data subjects of data security breaches. Since then, California has regularly updated its data security breach notification law, including … Read more

Global Data Protection Enforcement Guide


Nearly every company in the world is struggling to effectively manage the broad range of legal and operational risks associated with data. Data is everywhere, and everyone is working to maximize its organizational value, while avoiding wrongful disclosures, theft of informational assets, and the losses related to the costly legal fallout. This is the result, … Read more

EU GDPR Is Here, Now What?


So we have all fully digested 209 pages of the EU General Data Protection Regulation (GDPR) text, and added it to our 2016 new year’s resolution, now what? While the EU Parliament and Council are expected to have their final vote on the GDPR in the first quarter of 2016, how should companies start preparing for … Read more

Enhancing Enterprise Security By Combining Data Science With Domain Expertise


Organizations are recognizing that data scientists can play a valuable role in enterprise IT security. However, effective security requires a collaborative effort between data scientists and security professionals within an enterprise. While data scientists have a pivotal role to play, they cannot and should not operate in a vacuum. Leveraging Data Science to Mitigate Security … Read more

Monitoring Of Employee Email And Internet Use In Germany – Guidance From Data Protection Authorities


On February 5, 2016 the German data protection authorities issued guidance (available in German) for private sector organisations explaining when and how an employer may monitor its employees’ work email account and Internet usage (“Guidance”). German employers would be wise to structure their monitoring activities to comply with the Guidance. 1. Threshold Question The applicable legal … Read more