To round out this series on right-sizing a privacy program, our last stop is thinking about the impact of working with third parties. There are many legal requirements to assess and/or to address in third party contracts when personal information is being gathered or is changing hands.

Continue Reading Elements of Right-Sized Privacy Program: Appropriately Addresses Third Parties

Vermont recently enacted a data broker security law, one of the first of its kind. The law requires data brokers to develop and implement a comprehensive security program. The program needs to include administrative and technical safeguards to protect personal information. Data brokers are defined as businesses that collect and sell or license data about consumers with whom the business does not have a direct relationship.
Continue Reading Vermont Is First Mover Regulating Data Brokers