Selecting the right initial project(s), determining outcomes and measures, and preparing the business case are important groundwork for your Information Governance initiative, as discussed in Part 1. But to secure resilient management support for an ongoing initiative, you’ll also
Latest from Information Bytes
Securing Resilient Support for Your Information Governance Initiative (Part 1)
Management support is crucial for success with Information Governance initiatives. This is not merely a question of initial project and budget approvals. Most Information Governance initiatives involve behavioral changes in how data is handled, and in many instances, aspects of
Information Governance Day?
Apparently, today is Global information Governance Day. I frankly wasn’t paying attention, because every day is information governance day here. But no snark is meant by this – it’s good to turn such “occasions” into a nudge to revisit our
Why my firm doesn’t use generative AI
In my legal work for clients, I’m not content with using AI-generated content.
PII Breach Notification Laws: the seas remain choppy
As we watch the tsunami of state comprehensive consumer privacy laws now spreading from California across the U.S., it’s time to revisit the flood zone of state-level PII breach notification statutes, which also flowed forth from California back in 2002.
Less Data is Now Even More Than Ever
In the real world, what to do has never been as impactful as why to do it. For the 2020s, the newest impetus for managing information retention and disposal is crystal clear – data privacy and security compliance
Less Data #6: Explosion of new state consumer privacy laws compels deletion of unnecessary data
We’re witnessing a “rapid, unscheduled disassembly” (thanks SpaceX) of comprehensive consumer privacy laws across the United States. While these new state laws generally have a different, sleeker structure than California’s CCPA/CPRA, they share a similar impact – each such law
Less Data #5: With CPRA, California doubles down on deleting unnecessary data
Last month California finalized its updated regulations under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). With the CPRA, California has upped the ante on requiring data retention schedules and disposal of unnecessary
Less Data #4: Illinois court rules that lack of data retention schedule violates BIPA
Illinois court rules that failure to establish a biometric data retention schedule is an actionable BIPA violation. What may this mean for other states’ privacy laws that require data minimization and storage limitation policies?
Less Data #3: New FTC enforcement actions require retention schedules and data disposal
We’ve already seen how new FTC regulations for GLBA-regulated financial institutions require retention schedules and disposal of unnecessary data as essential data security controls. The FTC is now also taking that position for all businesses under Section 5 of the