Sharon Bauer Sharon Bauer

I Know You Are But What Am I?

Can personal data be anonymized for one party while identifiable for another party? This has been a long-standing question and we finally have an answer. Processors who tokenize data should be aware of this new CJEU ruling to determine if they need to comply with the GDPR or any other privacy legislation.

Read More
Ross Saunders Ross Saunders

The Challenge of Public Expectation

When dealing with privacy and security, everyone jumps straight onto the compliance bandwagon. There are set laws, frameworks, regulations, standards and other checklists that allow you as a business to proudly state that you are compliant. But does ‘to-the-letter’ compliance match the public’s expectations?

Read More
Lauren Preston Lauren Preston

Consent - The Key to Trust and Respect of Customers

Like Europe and the UK, Quebec’s Law 25 has moved closer to ensuring that customers control how, when, and where their personal information is processed. Consent ensures that your customer’s personal information is treated like the precious cargo it is – handled with care and not tossed into the sea of manipulation. Consent allows the customer to set boundaries and feel like they are driving.

Read More
Ross Saunders Ross Saunders

Navigating the Tightrope: Balancing Security and Privacy Conflicts

In today's digital landscape, businesses face an ongoing struggle to strike the right balance between security and privacy. While robust security measures are essential to protect sensitive data and assets, maintaining customers’ and employees’ privacy is equally important to establish trust and comply with regulations. Privacy by Design (PbD) incorporates this as a principle (more on that in a future article), stating that it should not be a “zero sum” game; privacy and security should work together and not be in competition of one or the other.

Read More
Ross Saunders Ross Saunders

Help Clients Help Themselves: Privacy and Security in On-Premises Deployments

When you are a SaaS provider, you have control over the software you develop, as well as the deployment processes. You are good at securing your cloud and ensuring privacy legislation is adhered to. But, what happens when you offer an on-premises or hybrid solution that clients deploy on their own (or with your assistance)? How do you ensure that the software is still being kept in a secure state and that there won’t be any collateral damage and finger pointing should something go horribly wrong?

Read More
Ross Saunders Ross Saunders

Ready. Set. ISO!

We’ve seen a significant increase in the number of security assessments our clients are receiving from their own clients. For the more medium-size company, it starts becoming pertinent to align to a particular standard, of which there are many to choose from, each with their own merits and focus areas. One such standard that is very widely recognised, is ISO 27001.

Read More
Ross Saunders Ross Saunders

Removing the Blinkers: Assessing the PrivSec Threats to your Business

What happens when you cannot see the forest for the trees? There are so many threats out there it’s hard to keep up with which ones directly (and materially) affect your business. Businesses can waste tremendous time and effort in addressing generic threats that do not directly relate to their business, simply because it seemed like a good idea (or someone in power heard about it at the last conference they attended).

Read More
Sharon Bauer Sharon Bauer

Behind the Headset: The Privacy Pitfalls of Call Centres and How They're Putting Your Business at Risk

Call centres are often the first point of contact between customers and businesses. Over the past few years, with advances in technology, including AI, call centres are collecting more personal information than before and using it in novel ways. This article explores how call centres may violate privacy and what they can do to reduce their risk of non-compliance.

Read More
Lauren Preston Lauren Preston

The Invisible Stalker - How to handle geolocation data

Collecting geolocation information can be useful to your business, however, if not done properly, not only will you be non-compliant with privacy regulations, get fined, and find your company in a class-action lawsuit, but you will be classified as that “creepy stalker” that nobody wants to associate with. Read up on the latest cases involving geolocation data.

Read More
Sharon Bauer Sharon Bauer

R.I.P.: Re-Imagine Privacy Through a Trust Lens

Consumers have succumbed to the lack of privacy they have, and have come to terms that they must give up their information to participate in society and remain relevant. They know their information is ‘out there’ and they are not getting it back. They know that short of living in a cave, this way of life will not change. Privacy is dead. A reckoning is coming in which consumers will search for companies that are responsible with consumer information. They are searching for companies they can trust. Only those companies that are proactive in re-imagining privacy will remain relevant, profitable, and future-ready for a reckoning that is coming.

Read More
Ross Saunders Ross Saunders

How Left Do You Lean? Security Maturity in the SDLC

There’s something distinctly wrong about waiting for things to go wrong, and then patching and fixing it after the fact. This is something that happens all the time when it comes to security of software applications. All too often, security is considered as an afterthought, or when you’re rolling around to quality assurance, and not when the actual development has taken place.

Read More
Sharon Bauer Sharon Bauer

How Meta Is Using a Fire Extinguisher to Cook a Meal

Determining the lawful basis for processing personal data can, at times, be confusing as the six lawful bases outlined in the GDPR can be interpreted (or manipulated) to make it fit for purpose. You can no longer avoid seeking consent to process personal data by simply including it in a contract.

Read More
Sharon Bauer Sharon Bauer

Building Blocks to Earning Trust: The 4 C’s

Companies are so focused on collecting data because of its value that they often neglect something that is even more valuable because of its rarety - TRUST. This article discusses the four building blocks to earning trust, which will result in a company being more profitable, more relevant and future-ready for a data paradigm shift that is coming. When a company implements these four building blocks - Clarity, Culture, Craft and Communication - it will have a competitive advantage.

Read More
Ross Saunders Ross Saunders

Security Doesn't Stop At (Product) Retirement

Software products, similar to vehicles, old houses, and technologies, eventually reach the point where the cost of rebuilding and refactoring becomes greater than the cost of rewriting and releasing under a newer platform, language, or architecture. During these sunset phases of a product, development is often ramped down, resources are reduced, systems are terminated, and focus is given to the new products, betas, and rollout efforts. The risk of neglect towards critical “life support systems” at these stages is high, particularly in the security space.

Read More
Ross Saunders Ross Saunders

3 Common Blindspots for Personal Data

Many companies have some form of privacy program in place, whether it’s a very small program for an SME, to large complex governance plans for larger companies. Despite these maturities, there are some common blindspots you need to be aware of in the privacy space. This article breaks down three of the top unexpected sources of data we found while working with our clients.

Read More
Sharon Bauer Sharon Bauer

Secondary Purpose: Don’t be a creep

A big risk facing many companies today is what is known as “purpose creep” or “secondary purpose.” This is when personal information is collected for one purpose but is also used for a different purpose. If the individual who provides their information is not aware of the secondary purpose or does not provide consent to use the information for that other purpose, it may result in misuse of personal information, which is a breach.

Read More
Ross Saunders Ross Saunders

Law firms have their place. Writing your security policies is not it.

It sounds like a good idea. You’ve got a legal team on retainer, and they are completing a project for all your documents, so why not let them do your security and privacy documents too? Well, the fact is, Privacy and Security are specializations on their own, and this can lead to some pretty stark missteps in your policy implementation if they aren’t drafted to match your operations.

Read More
Ross Saunders Ross Saunders

The Tipping Scale: PrivSec vs. Convenience

We have all heard about the privacy versus convenience dilemma. There is also a trade-off between security and convenience. More security controls add a layer of complexity (and dare we say inconvenience) to opening files, transmitting information, and sharing data with others, which does not always make for a seamless process or gain customer satisfaction.

Read More
Sharon Bauer Sharon Bauer

Another Big Tech’s Move to Ditch Ad Tracking

Google is set to follow Apple in restricting cross-app tracking on its Android devices. Google’s Privacy Sandbox will lead to better ad privacy for users but will have a direct ad revenue impact on businesses. Having a trusted brand with a robust privacy program and a stellar value proposition can help businesses in this evolving landscape.

Read More