By:
KEVIN KISH
March 25th, 2019
For those not tracking the evolution of California’s Consumer Privacy Act (CaCPA), we’ve got some updates for you! While most are just familiarizing themselves with CaCPA’s original requirements, a new senate bill (SB-561) was just introduced last week by two California Senators with the intention of further strengthening the rights of Californians. And while changes to the bill are hardly uncommon, the amendments could raise the stakes for organizations that are already concerned with the Act’s expectations.
By:
CHRIS LIPPERT
October 3rd, 2017
With the General Data Protection Regulation (GDPR) becoming effective May 25, 2018, organizations (or rather, organisations) seem to be stressing a bit. Most we speak with are asking, “where do we even start?” or “what is included as personal data under the GDPR?” It is safe to say that these are exactly the questions organizations should be asking, but to know where to start, organizations first need to understand how the GDPR applies to their organization within this new definition for personal data. Without first understanding what to look for, an organization cannot begin to perform data discovery and data mapping exercises, review data management practices and prepare the organization for compliance with the GDPR.
By:
MARIA SANCHEZ FLORES
December 22nd, 2016
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) was created to best uphold the fundamental personal information rights of individuals and further unify the member states of the EU in their endeavor to manage and protect data. The GDPR’s predecessor, the Data Protection Directive (the Directive), was in place to afford similar protections to data subjects. However, since the Directive’s adoption in 1995, we’ve seen tremendous changes to the technology landscape and a constancy of cross-border data transfers, and we’ve recognized that the protections offered through the previous legislation were antiquated and obsolete. With the introduction of the GDPR, individuals have been empowered like never before, and organizations bound to the new framework are starting to feel the weight of that.
By:
AVANI DESAI
November 17th, 2016
I’m sure you’ll have noticed in the last few years of using smartphones that every time you add a new app, no matter what that app is for, it asks if it can “use your location”. Sure, you get a chance to allow or not, but how many of us just click that allow button without thinking about what information that simple choice conveys?
Cloud Computing | Compliance and Certification | Privacy Assessments
By:
JASON RHOADES
October 17th, 2016
According to a recent survey published by RightScale Inc., more than 90 percent of businesses use some form of cloud technology. The benefits of using the cloud are clearly undeniable, but that doesn’t mean getting set up and running on the proper solution for your organization is effortless.
Cybersecurity Assessments | Privacy Assessments | Penetration Testing
By:
KISHAN KUKKADAPU
September 26th, 2016
Employees are one of the weakest links in any business’ security defenses, especially if there is a lack of awareness about criminal attacks that are designed to obtain sensitive information from organizations.
Cybersecurity Assessments | Privacy Assessments
By:
AVANI DESAI
August 23rd, 2016
“Scientia potentia est”. “Knowledge is power”.
By:
AVANI DESAI
August 9th, 2016
American companies are hotfooting it to clinch the new requirements of the Privacy Shield. Since the European Commission officially adopted the framework on July 12, organizations have scurried to understand the finalized principles, determine the applicability of each, and develop a plan for implementing any necessary privacy mechanisms and controls. Like most legal texts though, the Privacy Shield can be difficult to digest. Some of the principles have been significantly restructured, are riddled with stipulations and situational exceptions, and are a bit ambiguous. Our firm has fielded an inpouring of questions looking for perspective and advice on which aspects of the Privacy Shield will be the riskiest and most burdensome. Here is my two cents’ worth on trying to prioritize and tackle some of the essentials.