Featured Insight
The DSAR Guide:
Overview of Data Subject Access Requests
What Behavioral Economics Can Teach Privacy Officers
A common refrain heard at WireWheel from its customers is the challenge privacy officers have socializing privacy risk and embedding it into organizational processes. Privacy risks, while opaque and obscure to many people, are quite tangible to an organization...
Practical Steps to Implementing Privacy Engineering
A central remit of privacy-by-design is to dive deeper into the tools, methodologies, and techniques that ensure that your company can integrate privacy into its design processes and workflows. It is a rapidly growing field that is often called privacy engineering....
“Explainability” for AI and ML
How to Implement “Explainability” in Emerging Global AI/ML Regulations Explainability is defined in various ways but is at its core about the translation of technical concepts and decision outputs into intelligible, comprehensible formats suitable for...
Digital Advertising and the Global Privacy Patchwork
“The global privacy patchwork has created significant challenges for participants that work with the digital advertising industry," says Michael Hahn, SVP and General Counsel from IAB Tech Lab. “We work with multiple partners, the technology is complicated, and the...
Privacy Operations in Practice
Of particular interest to me right now – in a program with an early level of maturity – is the challenge socializing privacy substantively among business counterparts who are engaging with the data more directly, as well as socialization of privacy at the leadership...
Privacy in the Metaverse
It's inevitable that the metaverse will be the number one social network in the world. — Michael Gord, Metaverse Group Co-Founder “It wasn't that long ago that the metaverse concept didn't exist outside of science fiction books,” says WireWheel CPO Rick Buck. “The...
Third-Party Risk is Everywhere
Brainstorming Solutions to Supplier Management Everybody has a process in place to demonstrate that you [the vendor] can be trusted to perform services for your client. This means a lot of paperwork and sometimes a lot of redundancy for suppliers. All of this takes...
Privacy Law Update: December 20, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates Digital Markets Act: Parliament ready to start negotiations with...
Finally Solving for Schrems II?
A conversation with the European Commission’s Bruno Gencarelli The world of data flows is a diversified world that doesn't stop at the transatlantic dimension, although that is, of course, a core component of that issue. A successful arrangement to the privacy shield...
Cross-Border Data Transfers: A Conversation
On November 11, 2021, in response to the uncertainty following Schrems II invalidation of the EU-US Privacy Shield, the European Data Protection Board (EDPB) issued long-awaited guidance on complying with GDPR requirements for the transfer of personal data from the EU...
Privacy Law Update: December 6, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates EDPB Discusses Data Transfer Guidance Considerations, Key Points...
Rise of the Privacy Operations Leader
In the early years of privacy legislation, the focus was on legal interpretation and high-level understanding. What do the principles mean? How do you reconcile the European-style data protection regime, the US, and others? Naturally, the general counsel's office and...
Privacy Law Update: November 22, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates Dispatch From Brussels: Some Clarification For EU Data Transfers...
Six Tips for Complying with PIPL
The Personal Information Protection Law (PIPL) passed by the People's Republic of China on 21 August and effective November 1, 2021, is not the GDPR.[1] While it shares some familiar grammar with the General Data Protection Regulation, its underlying precept is of a...
Privacy Law Update: November 15, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates UK Supreme Court Overturns Court of Appeal to Disallow Google...
Privacy Law Update: November 8, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates Why it is unlikely the announced supplemental SCCs will...
Privacy Law Update: November 1, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates G-7 Trade Ministers agree on digital trade principles During a...
Data Privacy Laws in 2022: What You Need to Know
Written by Rick Buck, Chief Privacy Officer, WireWheelLast Updated: January 3, 2022Introduction to Data Privacy in 2022 Over the past few years, the proliferation of data privacy laws has accelerated around the world. And this trend is not about to stop. According...
Key Insights from One Year of CCPA Enforcement
Introduction The California Consumer Privacy Act (CCPA) has been in effect since January 1, 2020 and enforcement started on July 1, 2020. Although a coalition of 60 organizations was calling to delay the enforcement of CCPA due to COVID, the Office of the Attorney...
What Do I Need for My Website to Be Compliant?
Today… and into the futureWritten by Rick Buck, Chief Privacy Officer, WireWheelAfter new privacy laws passed in Virginia, Colorado, and California, many clients ask us what they need to do to make sure that their website is compliant today and into the future for...
Privacy Law Update: October 25, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates IAPP-EY release Annual Privacy Governance Report 2021 The...
Privacy Governance: ROPAs are the New Normal
A key component of privacy governance is assessments. While Records of Processing Activity (ROPAs) do not assess risk per se, they do assess the who, what, why, where, and how of information processing. Analyzing the results against internal policy, processes, and...
Retrieve Unstructured Data and Save Time With WireWheel’s M365 Integration
Privacy Laws continue to proliferate across the globe. Many of these laws, including the European Union’s GDPR, require companies to provide customers and employees access to their personal data. Many companies have unstructured personal data covered by laws such as...
Leveraging the NIST Privacy Framework to Achieve Effective Privacy Governance
We are seeing a parallel to what the financial and banking industry went through during the early years of Sarbanes Oxley (SOX) implementation. In the same way that we can no longer rely on self-regulation, we are no longer able to rely on disparate compliance...
How Privacy Laws Could Help Regulate Facebook’s Algorithms
Congressional testimony from a former Facebook employee has sparked outrage over the governance of the company’s algorithms and has renewed calls for regulation of the social media giant. Although privacy laws ostensibly focus on data, GDPR in Europe and a set of...
Privacy Law Update: October 18, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!The White House is having a big meeting about fighting ransomware. It didn't invite...
Where Are Companies on the Consent Management Spectrum?
Written by Jeremy S. Berkowitz, Senior Principal, Global PrivacyPromontory Financial Group, an IBM CompanyAs a Senior Principal in the Promontory Financial Group’s privacy and data protection practice, I consult with companies on a variety of privacy issues related to...
Privacy Law Update: October 11, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates FTC alum Ashkan Soltani selected to lead CPPA It was always...
Personal Data Definitions: Comparing GDPR vs CCPA vs CDPA vs CPA
Introduction ‘Personal Data’ has different legal definitions in the GDPR, CCPA in California, CDPA in Virginia, LGPD in Brazil and other regulations. Although personal data is sometimes used interchangeably with PII or personally identifiable information, “personal...
The DSAR Guide: Overview of Data Subject Access Requests
Last Updated: November 5, 2021What is a DSAR? Data Subject Access Requests (DSARs) give individuals (also known as data subjects) the right to discover what data an organization is holding about them, why they are holding that data and who else their data and other...
Privacy Law Update: October 4, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates The Downside to State and Local Privacy Regulations Are stricter...
How to Operationalize Privacy by Design
I think I’m a closet Project Manager. When you operationalize concepts, you have to have some solid project management skills to ensure you're identifying everything that you want to accomplish; how you’re going to do it; and the tactical plan behind it. —Lisa...
Privacy Law Update: September 27, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates Mixed Messaging Around Progress Toward EU-US Data Transfer...
Canada’s Anti-Spam Law (CASL): What you need to know
Written by Rick Buck, Chief Privacy Officer, WireWheelIntroduction The Canada Anti-Spam Law (CASL) was introduced in 2010 but came into effect on July 1, 2014. The CASL’s primary purpose is to reduce “the harmful effects of spam and related threats” and “help create a...
A Guide to PIPEDA: Canada’s Data Protection Law
Written by Rick Buck, Chief Privacy Officer, WireWheelIntroduction The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian data privacy law which became law on April 13, 2000. The PIPEDA incorporates and also makes mandatory some of the...
A Guide to China’s Personal Information Protection Law (PIPL)
Written by Rick Buck, Chief Privacy Officer, WireWheelIntroduction The Personal Information Protection Law is the first comprehensive data privacy law in China based on China’s constitution. Its primary aim is to “protect the rights and interests of individuals,”...
Complete Guide to LGPD: Brazil’s Data Privacy Law
Written by Rick Buck, Chief Privacy Officer, WireWheelIntroduction The Brazilian Lei Geral de Proteção de Dados (LGPD) was first introduced on June 13, 2012 and went into effect on September 18. 2020. The administrative sanction provisions of the LGPD went into effect...
Complete Guide to GDPR: General Data Protection Regulation
Written by Rick Buck, Chief Privacy Officer, WireWheelIntroduction The General Data Protection Regulation (GDPR) was adopted on April 14, 2016 and went into effect on May 25, 2018. The GDPR governs data protection and privacy in the European Union and in the European...
Colorado Privacy Act (CPA): What You Need to Know
Written by Rick Buck, Chief Privacy Officer, WireWheelIntroduction The Colorado Privacy Act (CPA) was introduced on March 19, 2021, unanimously passed on May 26, 2021 and was signed into law on July 7, 2021 by Governor Jared Polis. CPA became the third comprehensive...
CCPA vs CPRA: A Guide to California’s Data Privacy Laws
Written by Rick Buck, Chief Privacy Officer, WireWheelIntroduction to California’s Data Privacy Laws The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), a ballot measure approved in November 2020, are transforming the privacy and...
Full Guide to Virginia’s Consumer Data Protection Act (CDPA)
Written by Rick Buck, Chief Privacy Officer, WireWheelIntroduction The Virginia Consumer Data Protection Act (CDPA) was introduced on January 1, 2021 to the House of Delegates and was signed into law by Governor Ralph Northam on March 2, 2021. The CDPA became the...
Privacy Law Update: September 20, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates US Panel Votes to Approve $1 Billion for FTC Privacy Probes The...
Venture Capital Sees Big Opportunities in Data Privacy
Privacy has three key drivers: legislation, brand risk, and opportunity. “On one hand, you see strong winds from a regulatory and compliance perspective,” notes WireWheel CEO Justin Antonipillai. “And virtually every company is trying to find a solution to make sure...
Privacy Law Update: August 30, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates UK Announces Independent Adequacy Decisions In June, the...
Culture Matters
Understanding corporate culture is a critical first-step toward building a data privacy programWritten by Virginia Bartlett, Privacy Operations Expert, WireWheelDuring my tenure as a privacy officer in companies across many different industries, I’ve seen differing...
China Passes the Personal Information Protection Law (PIPL)
Written by Rick Buck, Chief Privacy Officer, WireWheelOn August 18, China introduced a third and final version of the Personal Information Protection Law (PIPL) law. This new law will take effect on Nov. 1, 2021. In many respects, it takes a similar approach to the EU...
Privacy Law Update: August 23, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates One Year after Schrems II, the World Is Still Waiting for U.S....
Vaccine Passports: Case Studies, Technologies, and Policy Considerations
The Spokes 2021 conference included a panel on vaccine passports, moderated by Virginia Bartlett, Privacy Operations Expert with WireWheel. The panel also included Maureen R. Dry-Wasson, VP, Group General Counsel and Global Privacy Officer with Allegis Group; Scott...
Privacy & Marketing: Strategies for a Cookieless Future
Marketing and privacy are on a collision course – and it’s a trajectory that has been plotted for some time now, says Forrester Senior Analyst Fatima Khatibloo. This course was set, in part, because marketing has become “too good at connecting people and devices with...
Privacy Law Update: August 16, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates Brazil Announces National Data Protection Council The Brazilian...
National Security and Privacy: Recent Developments and Emerging Challenges
This year’s Spokes conference hosted a panel on national security and privacy, moderated by Charlie Savage, Washington Correspondent for The New York Times. Panelists included Travis LeBlanc, a Partner with Cooley and Privacy and Civil Liberties Oversight Board...
China’s Data Security and Privacy Laws
To date, China relies on several privacy and security related laws. It does not have a comprehensive data privacy law. That’s about to change. China is moving forward with a set of privacy and security laws (Personal Information Protection Law, Data Security Law)...
Preparing for CPRA, CDPA, and Other Emerging State Privacy Laws
WireWheel’s Spokes 2021 conference included a panel of experts discussing current and emerging privacy laws around the U.S., including CPRA and CDPA. The panel was moderated by Rick Buck, Chief Privacy Officer for WireWheel, and panelists included Kristi Preuss,...
Privacy Law Update: August 9, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates Brazilian Data Protection Body Pledges to Enforce "Responsive...
Key Topics in Privacy Leadership Today
During the Spokes 2021 conference, WireWheel hosted a panel of privacy experts to discuss some central issues facing data privacy regulation and technology. Justin Antonipillai, CEO and Founder of WireWheel, moderated the panel, which also included Daniel Solove,...
Engineering Privacy at Scale
The nature of privacy and what it means for businesses, consumers, and regulators, vary across organizations, industries, consumer segments, and jurisdictions. Even within a single organization, the conception of privacy (and its perceived impact) will differ from...
EC’s Adequacy Decision Approves International Data Transfers to the UK
The European Commission’s latest verdict ascertains that data transfer isn’t added to the list of exchanges Brexit has disrupted. On June 28, 2021, Europe’s top court adopted two key “adequacy” decisions for the United Kingdom—ensuring the legitimization of the flow...
Privacy Law Update: August 3, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates The Uniform Personal Data Protection Act Is Here In July 2021,...
California Attorney General Announces New Ways for Consumers to Assert Privacy Rights
Written by Rick Buck, Chief Privacy Officer, WireWheelThe California Office of the Attorney General recently announced two ways to make it easier for consumers to assert their privacy rights and business to comply with the CCPA opt-out rules related to the sale of...
The View from the EU: A Discussion with the International Data Transfers and Protection Unit’s Bruno Gencarelli
Bruno Gencarelli, Head of the EU’s International Data Flows and Protection Unit, delivered the closing remarks for the Spokes 2021 conference. The conversation kicked off with a discussion about the Schrems II decision coming out of Europe, with wide-reaching...
NFTs: The Privacy Angle
Non-Fungible Tokens (“NFTs”), as the name implies, are tokenized representations of non-fungible assets (physical or digital). Each NFT is unique and contains unique identifiers, data, and metadata. The NFT not only identifies what that NFT represents – a work of art...
Privacy Law Update: July 26, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates WireWheel CEO Foresaw the Impact of Data Privacy on Human...
Crafting Better Privacy Laws, Based on the California Model: A Conversation with Alastair Mactaggart
Spokes 2021: Day Two Keynote Session with Alastair MactaggartOn the second day of the WireWheel Spokes 2021 conference, WireWheel CEO and founder Justin Antonipillai hosted a conversation with Alastair Mactaggart, board chair and founder of Californians for Consumer...
Privacy Law Update: July 19, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates Update by the California Attorney General Could Be a...
What Privacy Officers Need to Know About Synthetic Data
Regulation, cost, and other factors can hinder the great many benefits of access to data for analysis. This impedes not only the efforts of organizations to rationalize resources (e.g., workforce analytics, resource allocations, and consumer insights), but research...
Privacy Law Update: July 12, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates Biden Executive Order Calls For Scrutiny Of Mergers, Data...
Polis Signs Final Flurry of Business Bills Despite Veto Pushes
Written by Ed Sealover, Denver Business JournalGov. Jared Polis finished off a monthlong bill-signing tour over the past week and a half by inking 18 business-focused laws that create a groundbreaking data privacy law, ban certain types of plastic containers and delay...
Dark Patterns and Privacy by Design: A Delicate Balancing Act
I think we're watching builders and developers understand that part of the product success is that it has a privacy by design component to it and privacy was thought about upfront and built into the greater feature-functionality. or production system that's being...
Privacy Law Update: July 6, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates The European Data Protection Board (EDPB) Finalises Guidance on...
Measuring What Matters: How to measure privacy’s impact
In the last decade, the ability to collect, analyze, process, and monetize personal information has increased at an unprecedented rate. The growth rate of the marketing technology sector (“Martech”) – from 150 available solutions in 2011 to 8,000 at last count – is a...
Dark Patterns: Another really creepy line
The term “dark patterns” was coined by Harry Brignull in 2010. Brignull, who has a PhD in Cognitive Science, defines dark patterns as “tricks used in websites and apps that make you do things that you didn't mean to, like buying or signing up for something”...
Non-Fungible Tokens: The convergence of creator-centric ecosystems
Written by Luca Cosentino, Product Lead, Oasis Unlike fungible assets which are interchangeable (i.e., every bitcoin, ether, or dollar is equivalent to every other bitcoin, ether, or dollar), non-fungible tokens (NFTs) are unique and contain unique identifiers, data,...
4 Ways Integrations Help With DSAR Fulfillment
Written by Stephen Buko, Senior Director, Product Implementation, WireWheelTo maintain legal compliance with existing and newly emerging data privacy laws, many large companies are faced with a challenge as they process and manage more data subject access requests...
WireWheel helps Shoes.com manage consents and preferences—on a compressed timeline
Even under the best of circumstances, getting a clear picture of customer data and setting up a data compliance system can sometimes be a challenge, requiring multiple teams working together to get the job done. Now imagine trying to accomplish this task in the midst...
Privacy Law Update: June 14, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates A Deeper Dive Into The New Standard Contractual Clauses The good...
Colorado Passes a Data Privacy Law
Colorado Passes a Data Privacy Law Law would be effective on July 1, 2023Written by Rick Buck, Chief Privacy Officer, WireWheelOn June 8, 2021, the Colorado Senate approved House amendments to the Colorado Privacy Act (CPA) (SB21-190). The bill now goes to Governor...
EU Releases New Standard Contractual Clauses Language
Written by Rick Buck, Chief Privacy Officer, WireWheelOverview On Friday, June 4, 2021, the European Commission approved and adopted a new version of the Standard Contractual Clauses (SCCs) that updates the rules on how data may be transferred outside of the EU....
New Technology Meets Old Unanswered Questions: Data privacy in the age of virtual reality
In a single recommended 20-minute session in VR, a headset can generate approximately two million data points and unique recordings of body language. Immersive tech can track huge quantities of highly sensitive information, creating both lucrative opportunities for...
Privacy Law Update: June 7, 2021
Written by Rick Buck, Chief Privacy Officer, WireWheel Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!Newsworthy Updates The Beginning of a New Era for International Transfers- New...
Consent and Preference Management: Regulatory table stakes or consumer insight?
When it comes to data privacy, the business aphorism “it’s better to ask forgiveness than ask permission” does not apply. And the more consumers learn about how their data is used, the less forgiving they have become. Consumer attitudes are very clear on this. For...