Latest news and opinions from the Bamboo Team

Privacy Sharon Bauer

R.I.P.: Re-Imagine Privacy Through a Trust Lens

Consumers have resigned themselves to their lack of privacy and have come to terms with having to give up their information to participate in society and remain relevant. They know their information is ‘out there’ and they are not getting it back. They know that short of living in a cave, this way of life will not change. Privacy is dead. A reckoning is coming in which consumers will search for companies that are responsible with consumer information. They are searching for companies they can trust. Only those companies that are proactive in re-imagining privacy will remain relevant, profitable, and future-ready for that reckoning.

Best Practice Ross Saunders

How Left Do You Lean? Security Maturity in the SDLC

There’s something distinctly wrong about waiting for things to go wrong, and then patching and fixing them after the fact. This happens all the time when it comes to the security of software applications. All too often, security is considered as an afterthought, or only when you’re rolling around to quality assurance, and not while the actual development is taking place.

Privacy Sharon Bauer

How Meta Is Using a Fire Extinguisher to Cook a Meal

Determining the lawful basis for processing personal data can, at times, be confusing, as the six lawful bases outlined in the GDPR can be interpreted (or manipulated) to make them fit for purpose. You can no longer avoid seeking consent to process personal data by simply including it in a contract.

Best Practice Sharon Bauer

Building Blocks to Earning Trust: The 4 C’s

Companies are so focused on collecting data because of its value that they often neglect something that is even more valuable because of its rarity - TRUST. This article discusses the four building blocks to earning trust, which will result in a company being more profitable, more relevant and future-ready for a data paradigm shift that is coming. When a company implements these four building blocks - Clarity, Culture, Craft and Communication - it will have a competitive advantage.

Security Ross Saunders

Security Doesn't Stop At (Product) Retirement

Software products, similar to vehicles, old houses, and technologies, eventually reach the point where the cost of rebuilding and refactoring becomes greater than the cost of rewriting and releasing under a newer platform, language, or architecture. During these sunset phases of a product, development is often ramped down, resources are reduced, systems are terminated, and focus is given to the new products, betas, and rollout efforts. The risk of neglect towards critical “life support systems” at these stages is high, particularly in the security space.

Data Ross Saunders

3 Common Blindspots for Personal Data

Many companies have some form of privacy program in place, whether it’s a very small program for an SME or a large, complex governance plan for a larger company. Despite this maturity, there are some common blindspots you need to be aware of in the privacy space. This article breaks down three of the top unexpected sources of data we found while working with our clients.

Best Practice Sharon Bauer

Secondary Purpose: Don’t be a creep

A big risk facing many companies today is what is known as “purpose creep” or “secondary purpose.” This is when personal information is collected for one purpose but is also used for a different purpose. If the individual who provides their information is not aware of the secondary purpose or does not provide consent to use the information for that other purpose, it may result in misuse of personal information, which is a breach.

Best Practice Ross Saunders

Law firms have their place. Writing your security policies is not it.

It sounds like a good idea. You’ve got a legal team on retainer, and they are completing a project for all your documents, so why not let them do your security and privacy documents too? Well, the fact is, Privacy and Security are specializations on their own, and this can lead to some pretty stark missteps in your policy implementation if they aren’t drafted to match your operations.

Best Practice Ross Saunders

The Tipping Scale: PrivSec vs. Convenience

We have all heard about the privacy versus convenience dilemma. There is also a trade-off between security and convenience. More security controls add a layer of complexity (and dare we say inconvenience) to opening files, transmitting information, and sharing data with others, which does not always make for a seamless process or gain customer satisfaction.

Trends Sharon Bauer

Another Big Tech’s Move to Ditch Ad Tracking

Google is set to follow Apple in restricting cross-app tracking on its Android devices. Google’s Privacy Sandbox will lead to better ad privacy for users but will have a direct ad revenue impact on businesses. Having a trusted brand with a robust privacy program and a stellar value proposition can help businesses in this evolving landscape.

Best Practice, Data Ross Saunders

Classifying Data - The Basics

Classification of data within your possession is not necessarily something that a lot of companies (particularly smaller ones) think of, but the practice is becoming a regular requirement of security attestations and Data Processing Agreements (DPAs). Within the privacy and information security spaces, different types of information are treated differently, be it relating to how it is stored, or even where it is transferred (for example, there may be restrictions on transferring medical details outside of your country of residence).

GDPR Sharon Bauer

Governing the Data Economy

The EU’s Data Governance Act promotes decentralized intercompany channels, opportunities, and data governance to enhance the EU’s data economy.

Best Practice Sharon Bauer

50 Shades of Privacy

When conducting Privacy Impact Assessments (PIA), companies need to take a contextual approach, rather than have their service, product or process simply fit within the letter of the law.
