Blog
Managing downstream risks of ‘do not sell’ fulfillment
Authored by: Camille Ley, Senior Privacy Consultant and Lindsay Farbent, Privacy ConsultantIf you are like many businesses that have implemented solutions to honor consumer do not sell/share requests in accordance with U.S. state privacy laws, you have likely placed a...
Key Steps for Meeting U.S. State PIA Obligations
Under expanding U.S. state privacy laws, businesses must be prepared to assess the protection of certain personal information and individuals’ privacy rights prior to initiating planned data processing activities. While similar impact assessments may be familiar if...
Implementation Notes: CPRA Draft Regulations and the Impact on Third-Party Agreements
The latest draft of CPRA regulations (released on November 3, 2022) includes new requirements for agreements with service providers, contractors, and third parties that retain, use, or disclose Personal Information (“PI”). The draft regs specify that agreements must:...
Use of Clinical Trial Patient Data for Future Research
By Dan Goldstein (dan.goldstein@tueoris.com), Co-founder and Partner, Tueoris, LLC – www.tueoris.com It’s a well-known fact in the life sciences world that data collected today in a clinical trial can have …
HIPAA Breach Notifications 2020: Analysis, Observations and Recommendations
Health Information Security/Privacy professionals should be familiar with the HIPAA Breach Notification Rule, which requires HIPAA covered entities (CEs) and their business associates (BAs) to provide notification to U.S. Department …
TPRM : Improving Outcomes in the Ecosystem
Third-Party Risk Management (TPRM) is a key component of information security (infosec) programs and it requires significant focus. This is borne out by breaches in the news as well as known data …
EU Personal Data Transfers 2021: Planning for a Year of Increased Scrutiny
By Dan Goldstein, Co-Founder, Tueoris, LLC and Daniela Fábián Masoch, Founder FABIAN PRIVACY LEGAL dan.goldstein@tueoris.com / www.tueoris.com daniela.fabian@privacylegal.ch / www.privacylegal.ch As 2021 begins, ex-EU transfers of personal data continue to …
GDPR Code of Conduct : Current State and Considerations for Next Steps
Since the EU General Data Protection Regulations (“GDPR”) came into effect in 2018, there has been much discussion, but little action, with regard to Article 40 Codes of Conduct (”Codes”) …
TPRM : Need for Change and The Way Forward
Third-Party Risk Management (TPRM) is a key component of information security (infosec) programs and it requires significant focus. This is borne out by breaches in the news as well as known data …