Privata Vox Blog

Filter by Topic:

All
  • All
  • Data Controllers
  • Data Processors
  • General
  • Regulatory
  • Risk Mitigation

Data Controller/Data Processor Contracts #3:
Indemnification

There may be no more confusing and misunderstood area of controller-processor contracts than insurance and indemnification. Controllers often expect processors to accept liability, while ignoring the quality (or existence) of processors’ underlying insurance coverage. Processors, on the other hand, often buy insurance products that provide minimal or no protection to meet those controller expectations. This…

Read More about Data Controller/Data Processor Contracts #3:Indemnification

Contractually Defining Information Custody Transfers

KEY TAKEAWAYS: Information custody transfers are far more ubiquitous and riskier than most organizations appreciate. From a legal and regulatory perspective, “access to” equals “custody of.” There are specific elements and contractual assurances upon which all organizations should insist when transferring personal or proprietary information. Failure to obtain the appropriate assurances from any vendor accessing…

Read More about Contractually Defining Information Custody Transfers

Flawed ITAM: Known Cyber Security Risks Spell Trouble for CISOs and Boards

Yesterday’s SEC release alleging that software developer SolarWinds Corp. and its Chief Information Security Officer (CISO) T. Brown misled investors about known cybersecurity risks and vulnerabilities is yet another in a series of Commission actions regarding cybersecurity that should be setting off alarms for CISOs, CIOs, and the boards at all publicly traded companies and…

Read More about Flawed ITAM: Known Cyber Security Risks Spell Trouble for CISOs and Boards

Data Controller/Data Processor Contracts #2:
Regulatory Alignment

This is the second blog in an ongoing series examining the often-overlooked nuances of data controller/data processor contracts. Regulatory alignment is one of the primary reasons regulations require contracts between data controllers and data processors. And, yet, despite its primacy, many contracts make the mistake of establishing this linkage with an overly simplistic clause stating…

Read More about Data Controller/Data Processor Contracts #2:Regulatory Alignment

Data Controller/Data Processor Contracts #1:
Applicability

This blog explains why and when organizations should require contracts with service providers that have access to customer or employee personal information. One of the most underappreciated aspects of data controller/data processors contracts is when they are needed. This results from either 1) a lack of awareness of their necessity, or 2) the failure to…

Read More about Data Controller/Data Processor Contracts #1:Applicability

Why “Segregation of Duties” Should be Applied to ITAM-ITAD

Segregation of Duties (SODs), a.k.a. Separation of Duties, is the basic fiduciary mechanism that prevents an individual or department from having full custody of process integrity where there is an inherent conflict of interest or an opportunity for fraud. As the name denotes, to mitigate these potential problems, the duties related to those processes are…

Read More about Why “Segregation of Duties” Should be Applied to ITAM-ITAD

What Does a DPO Do?

Faced with the requirement of retaining a Data Protection Officer (DPO), it is important to understand their role. Regulatory language describing the duties of a DPO list the following: Monitor compliance with relevant regulations and with the company’s own policies in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and…

Read More about What Does a DPO Do?

The Dangers of Uncontrolled Records & Old Electronics

This blog describes how squirreled-away or forgotten documents and electronic equipment 1) undermine an organization’s records retention policy, 2) constitute a security risk, 3) complicate legal discovery compliance, and 4) violate new privacy regulations. __________ What are Uncontrolled Records and Old Electronics? The legal definition of a “business record” is any and all information recorded…

Read More about The Dangers of Uncontrolled Records & Old Electronics

How to Mitigate the ITAD Whistleblower Challenge

A series of recent Security and Exchange Commission (SEC) announcements point to the increasing risk of whistleblowers stemming from improper IT asset disposal (ITAD) practices. First, over the past year, the SEC has issued a number of statements and proposals indicating its intentions to hold organizations (and boards) under its jurisdiction accountable for cybersecurity. At…

Read More about How to Mitigate the ITAD Whistleblower Challenge

Subscribe to stay up to date with new blog posts, speaking appearances, and more.

Subscribe To Updates

Email(Required)