Is Traceability a Privacy Concern? Dissecting the India-WhatsApp Feud

Earlier this year, India’s Ministry of Electronics & IT (MEITY) announced new guidelines for popular social media companies such as Facebook, Twitter, and Google. The new policy dictates, among other things, that the companies will be required to acknowledge and comply with India’s takedown requests of “unlawful, misinformation, and violent content within 24 hours.” India…

Swipe on, Swipe off: Key Fobs are Gathering Your Data and How the New York Tenant Data Privacy Act Looks to Help

A New York City law will regulate how landlords may gather and use their tenants’ data. This law is the first of its kind to create duties and responsibilities for building owners in how they must manage data and information gathered through smart access devices. Convenience vs Privacy In the ongoing tug-of-war between personal convenience…

Data minimization

More Data, More Problems:Why Data Minimization should be a first step before De-identification,Anonymization or similar methods.

Data minimization can shrink a company’s data footprint which lessens the impact of a data breach on businesses and consumers alike. Data minimization is a practice business must put in place, even if they are already using another strategy to prevent identification of stored personal data. Minimization is more than a best practice; it is a standard that allows companies to show due diligence and a commitment to protecting consumer data.

Data Governanace and minimization

The Barbarians Are Already though the Gate: Why Data Governance and Data Minimization are necessary to protect consumer data

The Colonial Pipeline ransomware attack, the Solarwinds Breach, and other recent attacks have made one thing abundantly clear; threats from malware, ransomware, and phishing are an inevitability. So long as hackers can make money from cyber attacks, there will be a palpable threat to every company, school, and government system. The response to cyber attacks…

How Accurate Is Your Record of Processing Activities (RoPA)? The First Step for Your Data Privacy Program, Explained

Article 30, on Processing Record keeping, is one of the most important GDPR obligations companies need to understand. Article 30 requires companies to keep a detailed record of all activities related to the processing of personal data, also known as a Record of Processing Activities (RoPA). While a RoPA is only required under GDPR, it…

Virginia is for Privacy Lovers: Comparing Virginia’s CDPA to California’s CCPA

In the absence of comprehensive federal legislation on the topic, states have taken it upon themselves to protect consumer’s information in our increasingly data driven world. On February 5, 2021, the Virginia Senate passed the Virginia Consumer Data Protection Act (“CDPA”). If signed by Governor Northam, CDPA would be the second comprehensive state-level consumer data…