Privata Vox® Blog

Filter by Topic:

All
  • All
  • Data Controllers
  • Data Processors
  • General
  • Regulatory
  • Risk Mitigation

Ensuring Security with NDAs in a Post Non-Compete World

This entry explains how combining a non-disclosure agreement (NDA) with a strong information protection policy is now the best way to prevent former employees from sharing competition-sensitive information.  And, while others have pointed to NDAs as an alternative, they fail to identify the critical importance information protection policies play in this strategy. Most current employees…

Read More about Ensuring Security with NDAs in a Post Non-Compete World

Why Data Processors Need Two Information Protection Policies

This entry explains why data processors (in particular) should have two distinct complementary types of information protection policies: one outlining the information security practices related to the services they provide data controllers, and another covering how they protect the vital information used to run their business. All modern data protection regulations require data controllers (clients)…

Read More about Why Data Processors Need Two Information Protection Policies

What Business Services are Data Processors, and Why Does It Matter?

This entry is intended to help both novice and veteran data protection professional appreciate the number and types of service providers subject to the compliance requirements of privacy regulations. As far back as the mid 1990s, regulations have reflected the fact that data-related vendors, a.k.a., data processors, are critical to data controllers’ ability to protect…

Read More about What Business Services are Data Processors, and Why Does It Matter?

How AI Tools Could Compromise Intellectual Property Rights

For close to 70 years, case law and regulatory enforcement have firmly established that in order to defend its intellectual property (IP) rights, an organization must demonstrate that it has appropriately protected the information from unauthorized and unnecessary access. In other words, courts and regulators decided long ago that they were not going to defend…

Read More about How AI Tools Could Compromise Intellectual Property Rights

Data Controller/Data Processor Contracts #3:
Indemnification

There may be no more confusing and misunderstood area of controller-processor contracts than insurance and indemnification. Controllers often expect processors to accept liability, while ignoring the quality (or existence) of processors’ underlying insurance coverage. Processors, on the other hand, often buy insurance products that provide minimal or no protection to meet those controller expectations. This…

Read More about Data Controller/Data Processor Contracts #3:Indemnification

Contractually Defining Information Custody Transfers

KEY TAKEAWAYS: Information custody transfers are far more ubiquitous and riskier than most organizations appreciate. From a legal and regulatory perspective, “access to” equals “custody of.” There are specific elements and contractual assurances upon which all organizations should insist when transferring personal or proprietary information. Failure to obtain the appropriate assurances from any vendor accessing…

Read More about Contractually Defining Information Custody Transfers

Flawed ITAM: Known Cyber Security Risks Spell Trouble for CISOs and Boards

Yesterday’s SEC release alleging that software developer SolarWinds Corp. and its Chief Information Security Officer (CISO) T. Brown misled investors about known cybersecurity risks and vulnerabilities is yet another in a series of Commission actions regarding cybersecurity that should be setting off alarms for CISOs, CIOs, and the boards at all publicly traded companies and…

Read More about Flawed ITAM: Known Cyber Security Risks Spell Trouble for CISOs and Boards

Data Controller/Data Processor Contracts #2:
Regulatory Alignment

This is the second blog in an ongoing series examining the often-overlooked nuances of data controller/data processor contracts. Regulatory alignment is one of the primary reasons regulations require contracts between data controllers and data processors. And, yet, despite its primacy, many contracts make the mistake of establishing this linkage with an overly simplistic clause stating…

Read More about Data Controller/Data Processor Contracts #2:Regulatory Alignment

Data Controller/Data Processor Contracts #1:
Applicability

This blog explains why and when organizations should require contracts with service providers that have access to customer or employee personal information. One of the most underappreciated aspects of data controller/data processors contracts is when they are needed. This results from either 1) a lack of awareness of their necessity, or 2) the failure to…

Read More about Data Controller/Data Processor Contracts #1:Applicability

Subscribe to stay up to date with new blog posts, speaking appearances, and more.

Subscribe To Updates

Email(Required)