PRIVACY + SECURITY BLOG

News, Developments, and Insights

Cartoon: GDPR Compliance

Organizations are racing to get ready for the GDPR implementation date of May 25, 2018.  Complete GDPR compliance in a few months is likely not feasible for many organizations, but this shouldn’t mean that these organizations should give up.  Making a good-faith effort and continuing to strive to improve are quite worthwhile.

GDPR Whiteboard and GDPR Interactive Whiteboard

Recently, I created two new GDPR training resources. I created a 1-page visual summary of the GDPR, which I call the GDPR Whiteboard. The idea was to capture the key points of the General Data Protection Regulation (GDPR) in a succinct and visually-engaging way. It has become quite popular, receiving thousands of downloads. You […]

Cartoon: GDPR Right to Be Forgotten

The GDPR Article 17 provides for a right to erasure — commonly known as the “right to be forgotten.”  Data subjects may request that an organization erase their personal data “without undue delay” under a number of circumstances.  These circumstances include when the data is no longer relevant to the purposes of collection, when consent […]

FTC v. AT&T Mobility

In a very important decision, FTC v. AT&T Mobility (9th Cir. 2018 en banc), the U.S. Court of Appeals for the 9th Circuit en banc reversed an earlier panel decision that severely limited the FTC’s jurisdiction to protect privacy and data security. I strongly criticized the panel decision in a previous blog post. The FTC has taken […]

The International Privacy+Security Forum

The International Privacy+Security Forum (February 26-27, 2018 in Washington DC) is next week. The International Forum is a new annual sister event to the Privacy+Security Forum, an annual event held in October at George Washington University in Washington, DC.  The regular Privacy+Security Forum will be in its 4th year in 2018.  This past year, we […]

Cartoon: GDPR’s Scope

I turned my short GDPR vignette about GDPR’s territorial scope into a cartoon.  The GDPR applies not just to all EU organizations that process personal data.  The GDPR also applies to non-EU established organizations that offer goods and services to EU citizens or that monitor behavior within the EU. The GDPR thus has quite a long […]

Chart of FTC Commissioners and Chairpersons 1915-2018

The FTC released the above chart showing the history of Commissioners, Chairwomen and Chairmen of the FTC from 1915 through the present day. According to the chart, the Federal Trade Commission is composed of five Commissioners, and their terms extend for seven years. The Commissioners are appointed by the President with the advice and consent […]

GDPR Cartoon: Lawful Processing

This cartoon focuses on the lawful processing requirement. Under the EU’s General Data Protection Regulation (GDPR), the collection and processing of personal data must be for “specified, explicit and legitimate purposes.” This is in contrast to the United States where the processing of personal information is permitted unless a law forbids it. Under the GDPR, […]

Key WP29 Documents for GDPR

The Article 29 Working Party was created by the EU Data Protection Directive in 1996.  Its purpose is to provide advice, opinions, and guidance about data protection.  The Article 29 Working Party is composed of a representative from each EU member state.  The General Data Protection Regulation (GDPR) will replace the Working Party with the […]

Cartoon on GDPR Vendor Management

This cartoon depicts the challenges of complying with GDPR’s requirements for vendor management. Under the GDPR, there are serious responsibilities when using a vendor to process personal data. Broadly, there are three things that data controllers must do: 1. Data controllers must perform due diligence in selecting vendors that are compliant with GDPR. […]