This series explores how recent changes in U.S. privacy and data security laws are elevating retention schedules and data disposal from merely prudent practices to compliance requirements. Today’s companion post explores how the California Consumer Privacy Act (CCPA), without statutory provisions explicitly requiring data minimization or storage limitation, nevertheless incents covered businesses to carefully manage retention and disposal of personal information (PI).  But less than two years from now, the script gets flipped, with California…

This series explores how recent changes in U.S. privacy and data security laws are elevating retention schedules and data disposal from merely prudent practices to compliance requirements. The California Consumer Privacy Act, effective January 1, 2020, was the Untied States’ first state-level comprehensive data privacy law.  And the CCPA blogging blitzkreig has not been merely hype – the CCPA presages a fundamental shift in U.S. privacy law. The statute was a bit convoluted in its…

This series explores how recent changes in U.S. privacy and data security laws are elevating retention schedules and data disposal from merely prudent practices to compliance requirements. Last week’s post was a whirlwind history tour of U.S. data privacy law, honing in on the privacy principles of data minimization and storage limitation.  The punchline was that unlike most foreign data privacy regimes, and with but few exceptions, U.S. data privacy laws have focused primarily on…

This series explores how recent changes in U.S. privacy and data security laws are elevating retention schedules and data disposal from merely prudent practices to compliance requirements.   Forgive me, but to fully appreciate the impact of state data privacy laws on managing records retention and disposing of unnecessary data, a bit of history is needed (if you’re allergic to history, skip this post).  Our focus is through the narrow lens of two key elements of…

Businesses in the United States have a new imperative to carefully manage records retention and promptly dispose of unnecessary information (and no, it’s not due to GDPR or other global privacy law developments).  Recent changes in U.S. data security and privacy laws, and the trends they portend, are elevating the disposal of unnecessary data from a risk management strategy to a compliance requirement. Managing data volumes has always been prudent.  Using retention schedules to curb…

In 2019, the Global Health Index evaluated the epidemic preparedness and response capabilities of 195 countries and ranked the United States as number one.  Yet as of today, with nearly four million confirmed Covid cases and over 143 thousand deaths, the United States leads the world in a very different way. We assessed the risks, both the likelihood and potential severity of a pandemic.  We did extensive planning for the structures, direction, and…

In early 2018, outbreaks of a novel parainfluenza virus erupted in Frankfurt, Germany and Caracas, Venezuela.  United States soldiers serving abroad contracted the virus, and an exchange student returning to a small New England college campus triggered the initial cases in our country.  The virus spread by coughing and caused severe symptoms in about half of those infected, killing 20% of severely ill patients.  With no vaccination available, the novel virus spread rapidly across the…