Four Key Rules For Collecting Biometric Data In A Privacy – Compliant Way


In this post, we provide you with four key rules for collecting biometric data to ensure the collection is privacy-compliant.  While extracted from the recent Guidance on Collection and Use of Biometric Data issued by the Hong Kong Privacy Commissioner and from a 2011 Guidance issued by the Canadian Privacy Commissioner, these rules are of … Read more

GDPR – German Data Protection Authorities Establish New Rules For Whistleblowing Hotlines: Call For Action

three women

In light of the GDPR, the German data protection authorities (German DPAs) have issued new guidance regarding the implementation of whistleblowing hotlines. The new position of the German DPAs is so fundamentally different from their pre-GDPR position that German companies should review, and likely implement changes to, any existing whistleblowing hotlines offered to their employees. … Read more

California – New Data Security Requirements For Manufacturers Of Connected Devices


Effective January 1, 2020, according to a new Cal. Civ. Code § 1798.91.04(a), manufacturers of connected devices offered for sale or sold in California must equip such devices with reasonable security features to protect the device and any information contained in them from unauthorized access, destruction, use, modification, or disclosure.Unlike the GDPR and other data … Read more

Reasonable Retention Of Personal Information: The Compliance Advantage Of Risk-Based Polices And Procedures For Information Governance


A recent privacy breach case in Canada offers practical guidance for organizations anywhere to avoid the over-retention of personal data.A May 2017 Order from the Office of the Information and Privacy Commissioner of Alberta provides new insight into the requirement under section 35 of the Personal Information Protection Act to retain personal information only as … Read more

Building A Strong Information Governance Team To Last

four hands

It is trite but true:  Information is one of a business’s most valuable assets.  Yet just like oil, if not handled properly, it can cause serious damage.   That’s why a business’s information governance (IG) team needs to be carefully considered and planned—its members have the important responsibility of understanding the “who, what, where, when and … Read more