article thumbnail

US: As expected, California ballot initiative passes, significantly altering the California Consumer Privacy Act

DLA Piper Privacy Matters

The CPRA adds new obligations on both businesses and service providers, adds some important new definitions, and creates new liability risks, while clarifying some operationally difficult aspects of the CCPA. Here are quick highlights of the sprawling and sometimes confusingly drafted 52-page initiative: New definitions.

Privacy 84
article thumbnail

GUEST ESSAY: ‘Tis the season — to take proactive measures to improve data governance

The Last Watchdog

Sadly, data breaches often occur at this time of year. Related podcast: The need to lock down unstructured data. What exactly makes data sensitive? Here’s a simple definition: if accessed by an adversary, would create a liability. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Do I Need a Data Catalog?

erwin

This also diminishes the value of data as an asset. Data catalogs combine physical system catalogs, critical data elements, and key performance measures with clearly defined product and sales goals in certain circumstances. Sales are measured down to a zip code territory level across product categories.

Metadata 132
article thumbnail

US: CPRA analysis: The ‘good’ and ‘bad’ news for CCPA-regulated ‘businesses’

DLA Piper Privacy Matters

Create an operationally significant limited exception to deletion and access rights for many types of unstructured data. Amend the second threshold of the definition of a “business” to remove “devices.” Clarify that businesses may offer loyalty, rewards, premium features, discounts or club card programs.

Privacy 52
article thumbnail

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Data Protection Report

Following the now famous €50m fine imposed on Google LLC in January 2019, [1] the French Data Protection Authority (the CNIL ) published a decision taken on 28 May 2019 [2] imposing a fine of €400,000 on SERGIC, a company specialised in real estate development, purchase, sale, rental and property management.

GDPR 40
article thumbnail

Master Data Governance: Comprehensive Guide

Reltio

Master data governance creates a system of rules and the policies and procedures enforcing them to ensure data quality and consistency. . Proper master data governance provides: A single best version of the truth across the enterprise. Standard definitions and business rules for creating and categorizing data.

article thumbnail

US: The CCPA ‘Moving Target’ One Month Before Privacy Enforcement Begins

DLA Piper Privacy Matters

A broader security exception, including physical safety and a rulemaking on exempting data generated for security or integrity purposes. distributing company-wide communications to ensure that personnel are highly attuned to complaints of non-compliance and know how to contact the privacy office.

Privacy 84