With the introduction of new privacy laws, I frequently am asked “what do I need to do?” by business owners. Recently, the question is coming from SMB owners who are unclear if the emerging privacy laws apply to them. The challenge for an SMB is that establishing a privacy program with policies, procedures, compliance testing, […] The post Privacy and the SMBs appeared first on Privacy Ref ..read more

The EU AI Act has been agreed upon by the Parliament, Commission, and Council of the European Union and will bring with it obligations for organizations looking to use artificial intelligence. Notable amongst the requirements is the conformity assessment for high-risk uses of AI. We have seen similar requirements in the GDPR with Article 35 […] The post Conformity Assessments appeared first on Privacy Ref ..read more

As more US states pass comprehensive privacy laws with technological advances in mind, a recent trend emerging is a requirement that controllers’ websites comply with universal opt-out mechanisms. Here’s a breakdown of everything you need to know about implementing the specific law requirements. What is a universal opt-out mechanism (UOOM)? The term universal opt-out mechanism […] The post Universal Opt-Out Mechanisms FAQ appeared first on Privacy Ref ..read more

Two new US state laws have been approved for New Jersey and New Hampshire already this year. As part of our commitment to keeping up with the latest law requirements, we have pulled out a few takeaways. Quick Overviews The essence of the New Jersey and New Hampshire privacy laws, otherwise referred to as SB […] The post Some old, some new requirements in NH and NJ laws appeared first on Privacy Ref ..read more

With the introduction of new privacy laws, I frequently am asked “what do I need to do?” by business owners. Recently, the question is coming from SMB owners who are unclear if the emerging privacy laws apply to them. The challenge for an SMB is that establishing a privacy program with policies, procedures, compliance testing, […] The post Privacy and the SMB appeared first on Privacy Ref ..read more

During a webinar in May of 2023, I stated that the main problem with artificial intelligence isn’t AI itself, but the people who use it. I still hold to this idea. Most applications I have seen that make me scratch my head or cringe with disbelief are bad ideas from people, not mistakes or errors […] The post AI Criteria: Access appeared first on Privacy Ref ..read more

The most important piece of any privacy program handling or investigating the use of artificial intelligence is the review process. There are three areas to review, including the algorithm itself, the training data, and finally the outputs. This will act like a filter of increasing scrutiny as we progress. The Algorithm We have a few […] The post AI Criteria: Review appeared first on Privacy Ref ..read more

Over Thanksgiving, a Facebook post from a local community police department caught my attention, warning about an automatic feature called NameDrop in the Apple iOS17 update. Once I returned to work, I decided to delve into the issue surrounding this automatic feature. It also reminded me that this is not the first time I have […] The post Balancing user convenience and consent in system updates appeared first on Privacy Ref ..read more

Providing a privacy notice to individuals about  how their data is collected and processed is not a foreign concept to privacy professionals. We need to detail what information is collected, how it is used and shared, what rights subjects have, and provide them some way to ask questions or make comments and provide feedback to […] The post AI criteria: Notice and Choice appeared first on Privacy Ref ..read more

Privacy is often considering whether or not a use of information is appropriate. What is or isn’t appropriate is based on regulations and rules, but as I had written elsewhere, […] The post AI criteria: Non-invasiveness appeared first on Privacy Ref ..read more