Building A Strong Information Governance Team To Last

four hands

It is trite but true:  Information is one of a business’s most valuable assets.  Yet just like oil, if not handled properly, it can cause serious damage.   That’s why a business’s information governance (IG) team needs to be carefully considered and planned—its members have the important responsibility of understanding the “who, what, where, when and … Read more

New California Data Security And Breach Notification Requirements For 2016


Businesses and government entities have been subject to data security breach notification requirements under California law for decades. In 2002, California was the first country worldwide to pass a law requiring businesses and agencies to notify data subjects of data security breaches. Since then, California has regularly updated its data security breach notification law, including … Read more

Global Data Protection Enforcement Guide

data transfering

Nearly every company in the world is struggling to effectively manage the broad range of legal and operational risks associated with data.  Data is everywhere, and everyone is working to maximize its organizational value, while avoiding wrongful disclosures, theft of informational assets, and the losses related to the costly legal fallout.  This is the result, … Read more

EU GDPR Is Here, Now What?


So we have all fully digested 209 pages of  the EU General Data Protection Regulation (GDPR) text, and added it to our 2016 new year’s resolution, now what?   While the EU Parliament and Council are expected to have their final vote on the GDPR in the first quarter of 2016, how should companies start preparing for … Read more

Enhancing Enterprise Security By Combining Data Science With Domain Expertise

click on access

Organizations are recognizing that data scientists can play a valuable role in enterprise IT security. However, effective security requires a collaborative effort between data scientists and security professionals within an enterprise. While data scientists have a pivotal role to play, they cannot and should not operate in a vacuum. Leveraging Data Science to Mitigate Security … Read more

Data Protection Officer Must Not Have A Conflict Of Interests


German Data Protection Authority fined a company for having the IT manager appointed as Data Protection Officer – A greater risk under the European General Data Protection Regulation? According to the German Federal Data Protection Act (“FDPA”) companies must appoint a Data Protection Officer (“DPO”) if (inter alia) at least ten persons are involved in the … Read more

Monitoring Of Employee Email And Internet Use In Germany – Guidance From Data Protection Authorities

employee email

On February 5, 2016 the German data protection authorities, issued guidance (available in German) for private sector organisations explaining when and how an employer may monitor its employees’ work email account and Internet usage (“Guidance”).  German employers would be wise to structure their monitoring activities to comply with the Guidance.  1.  Threshold Question The applicable legal … Read more