Companies are so focused on collecting data because of its value that they often neglect something that is even more valuable because of its rarety - TRUST. This article discusses the four building blocks to earning trust, which will result in a company being more profitable, more relevant and future-ready for a data paradigm shift that is coming. When a company implements these four building blocks - Clarity, Culture, Craft and Communication - it will have a competitive advantage.

Software products, similar to vehicles, old houses, and technologies, eventually reach the point where the cost of rebuilding and refactoring becomes greater than the cost of rewriting and releasing under a newer platform, language, or architecture. During these sunset phases of a product, development is often ramped down, resources are reduced, systems are terminated, and focus is given to the new products, betas, and rollout efforts. The risk of neglect towards critical “life support systems” at these stages is high, particularly in the security space.

Many companies have some form of privacy program in place, whether it’s a very small program for an SME, to large complex governance plans for larger companies. Despite these maturities, there are some common blindspots you need to be aware of in the privacy space. This article breaks down three of the top unexpected sources of data we found while working with our clients.

A big risk facing many companies today is what is known as “purpose creep” or “secondary purpose.” This is when personal information is collected for one purpose but is also used for a different purpose. If the individual who provides their information is not aware of the secondary purpose or does not provide consent to use the information for that other purpose, it may result in misuse of personal information, which is a breach.

It sounds like a good idea. You’ve got a legal team on retainer, and they are completing a project for all your documents, so why not let them do your security and privacy documents too? Well, the fact is, Privacy and Security are specializations on their own, and this can lead to some pretty stark missteps in your policy implementation if they aren’t drafted to match your operations.

We have all heard about the privacy versus convenience dilemma. There is also a trade-off between security and convenience. More security controls add a layer of complexity (and dare we say inconvenience) to opening files, transmitting information, and sharing data with others, which does not always make for a seamless process or gain customer satisfaction.

Google is set to follow Apple in restricting cross-app tracking on its Android devices. Google’s Privacy Sandbox will lead to better ad privacy for users but will have a direct ad revenue impact on businesses. Having a trusted brand with a robust privacy program and a stellar value proposition can help businesses in this evolving landscape.

Classification of data within your possession is not necessarily something that a lot of companies (particularly smaller ones) think of, but the practice is becoming a regular requirement of security attestations and Data Processing Agreements (DPAs). Within the privacy and information security spaces, different types of information are treated differently, be it relating to how it is stored, or even where it is transferred (for example, there may be restrictions on transferring medical details outside of your country of residence).

The EU’s Data Governance Act promotes decentralized intercompany channels, opportunities, and data governance to enhance the EU’s data economy.

Apple’s decision to scan iPhones for child sexual abuse material (CSAM) may not have a positive impact as one would think.

As the fiscal year comes to an end, spending your entire privacy budget will ensure privacy has a voice at the table and the privacy function will have sufficient resources next year. The typical ‘if you don’t use it, you lose it’ situation. Don’t let it happen.

In-house counsel designated as a Privacy Officer should seek assistance from privacy experts to help them succeed in their new role.

Apple’s new privacy regime has marketers rethinking how to track users with transparency.

Canada’s new federal privacy regime, CPPA, to effectively replace PIPEDA. How small and medium businesses can prepare for this overhaul.

Embedding privacy into educational online tools

Operationalizing facial recognition and remaining privacy compliant

When conducting Privacy Impact Assessments (PIA), companies need to take a contextual approach, rather than have their service, product or process simply fit within the letter of the law.

How employers can protect employee privacy when returning to work during COVID-19

Embedding Privacy Into Machine Learning

Wealth Managers’ Fiduciary Duty to Protect their Clients’ Personal Information