Blog
Determine if a Tracking Technology is a “Sale” or “Share”
With each state privacy regulation that emerges, there is growing scrutiny over organizations’ collection and processing of consumer personal information. More than ever, organizations are being held accountable for the personal information being collected directly...
Decoding Conversions API and Privacy Implications
Authored by: Gianna Jiang, Privacy Engineering ConsultantIn a world driven by technology, where ads seem to follow you around the internet, have you ever wondered how it all works? Buckle up, because we're about to uncover the new secret sauce of targeted advertising...
Managing downstream risks of ‘do not sell’ fulfillment
Authored by: Camille Ley, Senior Privacy Consultant and Lindsay Farbent, Privacy ConsultantIf you are like many businesses that have implemented solutions to honor consumer do not sell/share requests in accordance with U.S. state privacy laws, you have likely placed a...
Key Steps for Meeting U.S. State PIA Obligations
Under expanding U.S. state privacy laws, businesses must be prepared to assess the protection of certain personal information and individuals’ privacy rights prior to initiating planned data processing activities. While similar impact assessments may be familiar if...
Implementation Notes: CPRA Draft Regulations and the Impact on Third-Party Agreements
The latest draft of CPRA regulations (released on November 3, 2022) includes new requirements for agreements with service providers, contractors, and third parties that retain, use, or disclose Personal Information (“PI”). The draft regs specify that agreements must:...
Use of Clinical Trial Patient Data for Future Research
By Dan Goldstein (dan.goldstein@tueoris.com), Co-founder and Partner, Tueoris, LLC – www.tueoris.com It’s a well-known fact in the life sciences world that data collected today in a clinical trial can have …
HIPAA Breach Notifications 2020: Analysis, Observations and Recommendations
Health Information Security/Privacy professionals should be familiar with the HIPAA Breach Notification Rule, which requires HIPAA covered entities (CEs) and their business associates (BAs) to provide notification to U.S. Department …
TPRM : Improving Outcomes in the Ecosystem
Third-Party Risk Management (TPRM) is a key component of information security (infosec) programs and it requires significant focus. This is borne out by breaches in the news as well as known data …
EU Personal Data Transfers 2021: Planning for a Year of Increased Scrutiny
By Dan Goldstein, Co-Founder, Tueoris, LLC and Daniela Fábián Masoch, Founder FABIAN PRIVACY LEGAL dan.goldstein@tueoris.com / www.tueoris.com daniela.fabian@privacylegal.ch / www.privacylegal.ch As 2021 begins, ex-EU transfers of personal data continue to …