Privata Vox® Blog
Filter by Topic:
- All
- Data Controllers
- Data Processors
- General
- Regulatory
- Risk Mitigation
A New Value-Add for Data Protection Service Providers
There is a new opportunity for data protection service providers to increase their value to current and prospective clients, and it stems from the overwhelming number of corporations now publicly committing to global data protection and privacy compliance. To learn more about who is and why they are, see the related blog titled “Why Large…
Why Large Corporations are Taking a Globally Compliant Approach to Data Privacy
The number of high-profile corporations committing to a global approach to data protection and privacy compliance is staggering. It might be easier to find one that isn’t. A partial list includes Airbnb, Adobe, Amazon, American Express, Apple, AT&T, Boeing, Chevron, Citibank, Cisco, Coca-Cola, Dell Technologies, Dropbox, eBay, ExxonMobil, Ford, General Motors, Goldman Sachs, Alphabet, HP…
The 4 Compliance Strategies of Data Processors
Organizations rely on a number of different Data Processors for things like record storage, secure shredding, computer recycling, and a long list of other services that require sharing access to regulated personal information. And, though it doesn’t replace the requisite vendor selection due diligence evaluation, assessing their compliance acumen can help determine the service provider’s…
Ensuring Security with NDAs in a Post Non-Compete World
This entry explains how combining a non-disclosure agreement (NDA) with a strong information protection policy is now the best way to prevent former employees from sharing competition-sensitive information. And, while others have pointed to NDAs as an alternative, they fail to identify the critical importance information protection policies play in this strategy. Most current employees…
What Business Services are Data Processors, and Why Does It Matter?
This entry is intended to help both novice and veteran data protection professional appreciate the number and types of service providers subject to the compliance requirements of privacy regulations. As far back as the mid 1990s, regulations have reflected the fact that data-related vendors, a.k.a., data processors, are critical to data controllers’ ability to protect…
How AI Tools Could Compromise Intellectual Property Rights
For close to 70 years, case law and regulatory enforcement have firmly established that in order to defend its intellectual property (IP) rights, an organization must demonstrate that it has appropriately protected the information from unauthorized and unnecessary access. In other words, courts and regulators decided long ago that they were not going to defend…
Data Controller/Data Processor Contracts #3:
Indemnification
There may be no more confusing and misunderstood area of controller-processor contracts than insurance and indemnification. Controllers often expect processors to accept liability, while ignoring the quality (or existence) of processors’ underlying insurance coverage. Processors, on the other hand, often buy insurance products that provide minimal or no protection to meet those controller expectations. This…
Contractually Defining Information Custody Transfers
KEY TAKEAWAYS: Information custody transfers are far more ubiquitous and riskier than most organizations appreciate. From a legal and regulatory perspective, “access to” equals “custody of.” There are specific elements and contractual assurances upon which all organizations should insist when transferring personal or proprietary information. Failure to obtain the appropriate assurances from any vendor accessing…