PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Cartoon: Data Minimization

Cartoon Data Minimization - TeachPrivacy Privacy Awareness Training 02 small

This privacy cartoon is about data minimization, a principle embodied in many privacy laws.  Under the data minimization principle, organizations are to collect, process, or share only the minimum necessary personal data to achieve their purpose.  There’s a lot of hat tipping to data minimization, but this principle is often not followed enough.  Far too […]

Cartoon: Data Breach Notification

Cartoon Data Beach Notification - TeachPrivacy Security Awareness Training 02 small

This cartoon is about data breach notification.  All 50 states plus the District of Columbia and Puerto Rico now have data breach notification laws, and breach notification laws are spreading around the globe.  And, as is often said in data security, it’s not whether a breach will happen, but when . . .

Cartoon: Artificial Intelligence

Cartoon Artificial Intelligence 02 small

This cartoon about artificial intelligence is based on something I often hear — that it is impossible to understand how certain decisions are made by certain algorithms.  I wonder whether this problem is due to the fact that not enough effort is being devoted to addressing ethical issues such as the transparency of the decisionmaking […]

Cartoon: GDPR Consent

Cartoon GDPR Consent - TeachPrivacy GDPR Training 02 medium

This cartoon is about consent under the GDPR.  Under the GDPR Article 6, consent is one of the six lawful bases to process personal data.  Article 7 provides further guidance about consent, including the data subject’s right to withdraw consent.  The meaning of what “consent” requires is most thoroughly stated in Recital 32: Consent should […]

Cartoon: HIPAA Protected Health Information

Cartoon HIPAA PHI - TeachPrivacy HIPAA Training 02

Here’s a new HIPAA cartoon. This cartoon is about protected health information (PHI).  In the HIPAA regulations, the definition of PHI is quite complicated, as it is splintered into at least three separate parts that appear in HIPAA’s definitions section.  Pursuant to HIPAA, 45 CFR 160.103: Health information means any information, including genetic information, whether oral or recorded […]

Cartoon: GDPR Data Portability

Cartoon GDPR Data Portability Santa - TeachPrivacy GDPR Training 02 medium

This cartoon is about the GDPR’s right to data portability under Article 20.  This right allows data subjects to take their data from one organization and transfer it easily to other organizations. Pursuant to the GDPR Article 20: 1. The data subject shall have the right to receive the personal data concerning him or her, […]

Cartoon: Data Localization

Cartoon Data Localization - TeachPrivacy Privacy Awareness Training 02 medium

This cartoon is based on a fairly recent trend – countries that are requiring data localization.  Data localization involves requirements that personal data collected in a certain country reside on servers within that country’s borders. Here are some articles on data localization worth looking at: • Bret Cohen, Britanie Hall, and Charlie Wood, Data Localization […]

Cartoon: GDPR Superhero

Cartoon GDPR Superhero - TeachPrivacy GDPR Training 02 medium

For global organizations as well as organizations in the EU, the GDPR has brought significant attention and resources to privacy.  Finally, many executives are beginning to take privacy seriously.  As I recently wrote in my article, Prime Time for Privacy, at Bloomberg Law: The GDPR has taken privacy to the next level. Before the GDPR, nothing […]