PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Profiling and the GDPR: An interview with Mark Singer and Raf Sanchez

I had the opportunity to interview Mark Singer and Raf Sanchez, both at Beazley, about the issue of profiling and the GDPR. Mark Singer is a member of the Cyber & Executive Risk Group at Beazley. Mark handles insurance coverage issues arising out of cybersecurity, technology errors and omissions, data privacy, intellectual property, media and advertising liabilities. Raf […]

Cartoon: Data Subject Access Requests Under the CCPA and GDPR

Cartoon Data Subject Access Requests (DSARs) - TeachPrivacy CCPA Training 02

This cartoon is about data subject access requests (DSARs) — sometimes called “subject access requests” (SARs).  The GDPR Article 15 provides for DSARs.  The new California Consumer Privacy Act (CCPA) provides individuals with a right to learn about the personal data collected and shared about them over the past 12 months. For more background about […]

Anatomy of a Privacy Law

Anatomy of a Privacy Law - Prof Daniel Solove 01

I was recently giving a presentation about new privacy laws, and I created the infographic above to catalog the various elements that privacy laws often have.  Going through this list can help to assess how complete a privacy law is.  For example, the California Consumer Privacy Act (CCPA) is often compared to the General Data […]

Key EDPB (European Data Protection Board) Documents for GDPR

EU Article 29 Working Party GDPR Guidance

The EDPB (European Data Protection Board) was created by the EU Data Protection Directive in 1996.  Its purpose is to provide advice, opinions, and guidance about data protection.  The EDPB (European Data Protection Board) is composed of a representative from each EU member state. Below are some of the most important guidelines to be issued […]

Locating Personal Data and Tracking Privacy Rights: An Interview with Dimitri Sirota

One of the biggest challenges for organizations is locating all the personal data they have. This task must be done, however, to comply with the General Data Protection Regulation (GDPR) and other privacy laws. Moreover, the GDPR and the new California Consumer Privacy Act provide that individuals have rights regarding their data. These rights often […]

Cartoon: GDPR Consent

Cartoon GDPR Consent - TeachPrivacy GDPR Training 02 medium

This cartoon is about consent under the GDPR.  Under the GDPR Article 6, consent is one of the six lawful bases to process personal data.  Article 7 provides further guidance about consent, including the data subject’s right to withdraw consent.  The meaning of what “consent” requires is most thoroughly stated in Recital 32: Consent should […]

Strategic Privacy by Design: An Interview with Jason Cronk

Privacy by design — or “Data Protection by Design” as it is referred to in the General Data Protection Regulation (GDPR) — is essential to meaningful privacy protection. Yet, it is often quite thin and incomplete. As I wrote a few years ago about privacy by design, “The ‘privacy’ the designers have in mind might be […]

Cartoon: GDPR Data Portability

Cartoon GDPR Data Portability Santa - TeachPrivacy GDPR Training 02 medium

This cartoon is about the GDPR’s right to data portability under Article 20.  This right allows data subjects to take their data from one organization and transfer it easily to other organizations. Pursuant to the GDPR Article 20: 1. The data subject shall have the right to receive the personal data concerning him or her, […]

Cartoon: GDPR Superhero

Cartoon GDPR Superhero - TeachPrivacy GDPR Training 02 medium

For global organizations as well as organizations in the EU, the GDPR has brought significant attention and resources to privacy.  Finally, many executives are beginning to take privacy seriously.  As I recently wrote in my article, Prime Time for Privacy, at Bloomberg Law: The GDPR has taken privacy to the next level. Before the GDPR, nothing […]