In the real world, what to do has never been as impactful as why to do it. For the 2020s, the newest impetus for managing information retention and disposal is crystal clear – data privacy and security compliance
Less Data is Now Even More Than Ever
Information Governance Group Blogs
Latest from Information Governance Group
Less Data #6: Explosion of new state consumer privacy laws compels deletion of unnecessary data
We’re witnessing a “rapid, unscheduled disassembly” (thanks SpaceX) of comprehensive consumer privacy laws across the United States. While these new state laws generally have a different, sleeker structure than California’s CCPA/CPRA, they share a similar impact – each such law
Less Data #5: With CPRA, California doubles down on deleting unnecessary data
Last month California finalized its updated regulations under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). With the CPRA, California has upped the ante on requiring data retention schedules and disposal of unnecessary
Less Data #4: Illinois court rules that lack of data retention schedule violates BIPA
Illinois court rules that failure to establish a biometric data retention schedule is an actionable BIPA violation. What may this mean for other states’ privacy laws that require data minimization and storage limitation policies?
Less Data #3: New FTC enforcement actions require retention schedules and data disposal
We’ve already seen how new FTC regulations for GLBA-regulated financial institutions require retention schedules and disposal of unnecessary data as essential data security controls. The FTC is now also taking that position for all businesses under Section 5 of the
Less Data #2: New FTC Safeguards Rule requirements for data disposal
The FTC has updated its data security regulations for the financial institutions it regulates under the Gramm-Leach-Bliley Act (GLBA). The FTC’s revised requirements for information security programs, effective June 1, 2023, will now mandate data retention policies and disposal of
Less Data #1: State-level data security regulators are enforcing data disposal
Data security laws increasingly require disposal of unnecessary data, But will regulators take this seriously?
Less Data is (even) More Than Ever
Two years ago I made a prediction: “For the 2020s, the dots already connect clearly – the new impetus for managing information retention and disposal will be data privacy and security compliance. Buckle up.”
This was the last line of a
The Puzzle of State PII Breach Notification Statutes
It’s once again time for a summary round-up for the puzzling array of state PII breach notification laws.
Back in 2002, California enacted the first state law mandating notification of individuals whose personally identifiable information (PII) is breached. By 2018
