The 1:10:100 rule—coined in 1992 by George Labovitz and Yu Sang Chang, the rule describes how much bad data costs. Preventing the creation of bad data at its source costs $1. Remediating bad data costs $10. Doing nothing...more
When we write about data privacy, it’s easy to default to talking to “privacy professionals.”
But take a look at the privacy management industry: The privacy program managers, chief privacy officers, and other purely...more
Subject rights requests can be confusing for everybody involved.
Some consumers are savvy privacy advocates and expect their requests to be fulfilled to the letter. Others are just learning that they have subject rights...more
Martial artists use a colored belt system to denote their expertise. You start with a white belt, and, as you train and improve, you eventually achieve the next color and corresponding rank. Once you’ve gained a black belt,...more
“Don’t Mess with Texas.”
It’s an evocative phrase, which is probably why it survived so long past its humble origins as a 1980s campaign slogan to discourage drivers from littering on Texan highways....more
Heraclitus said that “The only constant in life is change,” but privacy professionals don’t need to turn to ancient Greek philosophy to grasp this concept. We can just use our eyes and observe our colleagues, industry,...more
Businesses in the US will be subject to a lot more scrutiny from consumers and regulators in 2025. With eight new data privacy laws going into effect over the course of the year, attorneys general will be eager to show...more
If you’re feeling out of the loop about Chrome’s personal data collection, you’re not the only one. Google had announced that it would be deprecating third-party cookies. Then it delayed the deprecation. Then they called the...more
We've all heard the saying, "Teamwork makes the dream work," but for privacy professionals, this isn't just an inspirational quote—it's a necessity. Specifically, collaboration with colleagues in security; privacy; and...more
Modern businesses have to be compliant with data privacy regulations. Everyone knows that.
But nobody likes being told they have to do something. Especially not when that something seems like an expensive, complicated...more
Getting the business to say “yes” to data privacy isn’t easy. Yet it remains one of the central tasks a data privacy professional must undertake.
After all, you can’t protect consumers, protect your organization, and achieve...more
Starting January 1, 2026, businesses operating in Rhode Island will need to comply with the Rhode Island Data Transparency and Privacy Protection Act, a mouthful of a law abbreviated as RIDTPPA. (Not exactly catchy, is it?)...more
In our recent webinar, It’s Time to Think About Data Mapping Differently, a poll revealed some interesting information: Nearly 50 percent of respondents house their data map in a spreadsheet. (Roughly 15 percent say they...more
Navigating the stringent requirements of data subject access requests (DSARs) can feel like summitting a mountain—the path forward isn’t always clear, pitfalls abound, and you’re fighting gravity all the way....more
As we wait for a federal privacy law in the U.S., the Land of 10,000 Lakes joins a growing number of states that now have their own laws. As expected, Minnesota’s data privacy law has similarities to other state privacy laws...more
If you’re a data person, or even if you’re not, you may have heard the statistic cited by Eric Schmidt, executive chairman at Google: “There were 5 exabytes of information created between the dawn of civilization through...more
Maryland recently joined the growing number of states enacting comprehensive consumer data privacy laws with the passage of the Maryland Online Data Privacy Act (MODPA).
Despite similarities with several other state...more
Research shows that the average business shares its data with over 730 different vendors. It’s hard enough to mitigate risk within your own organization—how do you mitigate risk from more than 730 external entities?...more
It’s official—the Cornhusker State has a new data privacy law. The Nebraska Data Privacy Act (NDPA) is now among the growing number of state laws businesses must contend with absent a federal law....more
It’s official. Kentucky will join Indiana, New Hampshire, and a slew of other states with the enactment of a comprehensive data privacy act.
The Kentucky Consumer Data Protection Act (KCDPA)–at least this iteration of...more
The GDPR contains plenty of requirements, penalties, obligations, rights, and definitions—but it doesn’t contain a specific template for DPIAs, or data protection impact assessments.
If you’re struggling to identify...more
New Hampshire has joined the many other states implementing comprehensive data privacy laws in the absence of an overarching federal regulation. While this means greater complexity for businesses, we’ve got you covered. Read...more
Whether as a consumer or as a stakeholder in a business, you’ve likely seen links reading “Do Not Sell My Personal Information” or “Do Not Sell or Share My Personal Information.”
On the surface, these links seem...more
One of data privacy’s greatest challenges is that it can all feel just so abstract.
What does it really mean for an individual’s data to be at “risk”? What activities are riskier than others?...more
Most people find data privacy compliance to be complicated enough. So, when they encounter the concept of data mapping—something that isn’t an explicit requirement in any data privacy law—many find themselves scratching their...more