Robert J. Johnson, CSDS, CIPP/US, CIPP/E

A person is using their fingertip to select a virtual image in the foreground of a gear icon with the words "Value Proposition."

A New Value-Add for Data Protection Service Providers

September 11, 2024
Posted in

There is a new opportunity for data protection service providers to increase their value to current and prospective clients, and it stems from the overwhelming number of corporations now publicly committing to global data protection and privacy compliance. To learn more about who is and why they are, see the related blog titled “Why Large…

Read More
An illustration of a person in a dark suit placing an oversized puzzle piece into a large-scale world map puzzle

Why Large Corporations are Taking a Globally Compliant Approach to Data Privacy

September 11, 2024
Posted in

The number of high-profile corporations committing to a global approach to data protection and privacy compliance is staggering. It might be easier to find one that isn’t. A partial list includes Airbnb, Adobe, Amazon, American Express, Apple, AT&T, Boeing, Chevron, Citibank, Cisco, Coca-Cola, Dell Technologies, Dropbox, eBay, ExxonMobil, Ford, General Motors, Goldman Sachs, Alphabet, HP…

Read More
A person who appears to be contemplating has a small angel on one shoulder and a small devil on the other.

The 4 Compliance Strategies of Data Processors

August 19, 2024
Posted in

Organizations rely on a number of different Data Processors for things like record storage, secure shredding, computer recycling, and a long list of other services that require sharing access to regulated personal information. And, though it doesn’t replace the requisite vendor selection due diligence evaluation, assessing their compliance acumen can help determine the service provider’s…

Read More
The words NON-COMPETE appear on an illustrated circular sign with a red prohibited symbol.

Ensuring Security with NDAs in a Post Non-Compete World

May 29, 2024
Posted in

This entry explains how combining a non-disclosure agreement (NDA) with a strong information protection policy is now the best way to prevent former employees from sharing competition-sensitive information.  And, while others have pointed to NDAs as an alternative, they fail to identify the critical importance information protection policies play in this strategy. Most current employees…

Read More
A large red apple sits next to a small red cherry on a white surface.

Why Data Processors Need Two Information Protection Policies

May 10, 2024
Posted in

This entry explains why data processors (in particular) should have two distinct complementary types of information protection policies: one outlining the information security practices related to the services they provide data controllers, and another covering how they protect the vital information used to run their business. All modern data protection regulations require data controllers (clients)…

Read More
The word VENDOR is shown in red letters through a magnifying glass.

What Business Services are Data Processors, and Why Does It Matter?

April 15, 2024
Posted in

This entry is intended to help both novice and veteran data protection professional appreciate the number and types of service providers subject to the compliance requirements of privacy regulations. As far back as the mid 1990s, regulations have reflected the fact that data-related vendors, a.k.a., data processors, are critical to data controllers’ ability to protect…

Read More
A globe that is patterned with business-related photos is floating in an orbit and being hit with a sharp beam of light.

How AI Tools Could Compromise Intellectual Property Rights

March 1, 2024
Posted in

For close to 70 years, case law and regulatory enforcement have firmly established that in order to defend its intellectual property (IP) rights, an organization must demonstrate that it has appropriately protected the information from unauthorized and unnecessary access. In other words, courts and regulators decided long ago that they were not going to defend…

Read More
Closeup photo of two people shaking hands

Data Controller/Data Processor Contracts #3:
Indemnification

January 15, 2024
Posted in

There may be no more confusing and misunderstood area of controller-processor contracts than insurance and indemnification. Controllers often expect processors to accept liability, while ignoring the quality (or existence) of processors’ underlying insurance coverage. Processors, on the other hand, often buy insurance products that provide minimal or no protection to meet those controller expectations. This…

Read More
Closeup image of a computer keyboard that has one key marked "Vendor Management" in red letters

Contractually Defining Information Custody Transfers

November 7, 2023
Posted in

KEY TAKEAWAYS: Information custody transfers are far more ubiquitous and riskier than most organizations appreciate. From a legal and regulatory perspective, “access to” equals “custody of.” There are specific elements and contractual assurances upon which all organizations should insist when transferring personal or proprietary information. Failure to obtain the appropriate assurances from any vendor accessing…

Read More
Businessman hands typing on laptop with triangular malware caution warning sign.

Flawed ITAM: Known Cyber Security Risks Spell Trouble for CISOs and Boards

October 31, 2023
Posted in

Yesterday’s SEC release alleging that software developer SolarWinds Corp. and its Chief Information Security Officer (CISO) T. Brown misled investors about known cybersecurity risks and vulnerabilities is yet another in a series of Commission actions regarding cybersecurity that should be setting off alarms for CISOs, CIOs, and the boards at all publicly traded companies and…

Read More