Data Protection Conference in Tirana Forecasts an International Focus in 2020 on Converging Privacy Laws and Accountability

Last fall, the International Data Protection and Privacy Commissioners’ Conference convened in Tirana, Albania. Achieved Compliance once again participated in this annual meeting, which brings together regulators, experts, advocates and practitioners from around the globe. By attending this meeting, Achieved Compliance benefits from the opportunity to understand what concerns data protection authorities and on what issues they will focus their attention over the coming year. The theme of this year’s meeting was Convergence and Connectivity:  Raising Global Data Protection Standards in the Digital Age. The conference posed the questions – How are laws converging, and what factors are driving convergence? What are the challenges in building more convergence…

READ MORE
Privacy Guidelines

New Privacy Guidance From NIST and ISO

National Institute of Standards and Technology, ISO Release Privacy Guidance Companies seeking guidance about how to understand privacy risks and to implement measures to address them should be aware of two new resources – The National Institute of Standards and Technology’s (“NIST”) draft Privacy Framework and the International Organization for Standardization’s (“ISO”) International Standard for privacy information management. These tools are designed to work alongside existing guidelines for cybersecurity and the requirements of emerging law such as the General Data Protection Regulation and the California Consumer Privacy Act. The NIST Privacy Framework   In September, NIST, an agency of the U.S. Department of Commerce, released a preliminary draft of…

READ MORE
GDPR Identity Verification

Loose Identity Verification Puts You at Risk for Fraud

Subject Access Requests (SARs) under the GDPR Now is the time to tighten up your identity verification methods. Without tight verification methods, you open yourself up to GDPR regulators and you put your customers at risk of being a victim of fraud. Individuals Can Request Access to Their Personal Data Article 15 of the GDPR gives individuals a “right of access” to their personal data, under which they can request specifics about the personal data a business holds about them, or the organization’s purpose for processing the data, the categories of personal data held, who has access to the data, whether or not it will be transferred outside of…

READ MORE