Tag Archives: Privacy Abbreviated

Please Don’t Copy and Paste: Getting Privacy Policies Right



 

Whether your company has 5 employees or 500, if you operate online, you’re collecting user data—and that means you must have a privacy policy. But having a privacy policy isn’t just a legal requirement; it’s a powerful statement of your company’s ethics and values. Done right, it reflects a genuine commitment to transparency, accountability, and user trust. Unfortunately, too many businesses treat it as just another box to check.

In this episode of Priv, host Dona Fraser is joined by Wills Catling, Director at Myna Partners, for a candid and comprehensive conversation on what it really takes to get a privacy policy right. Together, they unpack the critical elements of a strong policy—from risk management and accountability to opt-in vs. opt-out frameworks, cookie strategies, and how to navigate the patchwork of state, federal, and international regulations. 

Key Takeaways

00:00 Introduction to Privacy Policies
03:25 Understanding Internal Governance for Privacy
08:04 The Importance of Accountability in Privacy
11:32 The Role of Privacy Notices as Contracts
17:50 Distinguishing Accountability from Internal Controls
20:52 Training and Compliance in Data Privacy
27:27 Common Mistakes in Drafting Privacy Notices
32:10 Building Trust Through Transparency
36:03 Navigating Opt-In vs. Opt-Out Consent
40:31 The Future of Cookie Banners and User Consent
44:24 The Challenge of Obtaining Informed Consent
46:08 Creating Effective Privacy Policies



[REPLAY] Launching 2025: Global CBPR Forum



Last year, the U.S. Department of Commerce announced the establishment of the Global Cross-Border Privacy Rules (CBPR) and Global Privacy Recognition for Processors (PRP) Systems. In anticipation of its official launch this year, get caught up with a deep dive on the world of CBPRs with Priv host Dona Fraser and her guest Victoria Akosile, Deputy Director of BBB National Programs Privacy Initiatives.

This episode, which originally aired in May 2024, breaks down the “what you need to know” knowledge about the global CBPR system, quickly reviews the “how we got here” facts, and provides you with the “what do I do now” information you need, whether you are a data controller or data processor.

Key Takeaways:

  • (2:58) The CBPR framework establishes a unified set of privacy requirements, fostering international alignment for compliance. It serves as a benchmark for companies to ensure their privacy practices meet a globally recognized standard. By adhering to CBPR requirements, companies can enhance consumer trust and mitigate risks associated with data privacy non-compliance.
  • (8:05) Integration into the CBPR program enables companies to assess and fortify their privacy procedures. Participation facilitates a structured review process, identifying areas for improvement in privacy management. It empowers companies to adapt to evolving privacy regulations and consumer expectations, ensuring resilience against data breaches and regulatory penalties.
  • (13:47) CBPR and PRP certifications present an opportunity to revolutionize vendor management strategies. Companies can leverage certifications to vet vendors, selecting partners with robust privacy safeguards. Certification streamlines data transfers by providing assurance of compliant data handling practices across the supply chain.
  • (24:07) BBB National Programs acts as an accountability partner, aiding companies in obtaining CBPR and PRP certifications. Through collaborative engagement, BBB National Programs assists companies in navigating the certification process efficiently. Our expertise helps companies uphold high privacy standards, fostering consumer trust and regulatory compliance.
  • (33:11) The forthcoming Global CBPR Forum meeting in Tokyo anticipates widespread interest from nations seeking to join the framework and advance data privacy interoperability. The event serves as a platform for sharing best practices and fostering collaboration among participating countries. It underscores the global momentum towards harmonizing data protection regulations, promoting cross-border data flows while safeguarding individual privacy rights.

 


COPPA 3.0? Privacy Updates for Kids, Tweens and Teens



Join us for this episode of Privacy Abbreviated, where Dona Fraser is joined by Rukiya Bonner, Director, Children’s Advertising Review Unit, BBB National Programs, to discuss the year in review for children’s privacy. Dona and Rukiya break down the FTC’s COPPA Rule revisions, what new legislation has been proposed, what those proposals mean for businesses (including consideration of teen users), and predictions on what could be coming next.

Dona and Rukiya’s conversation highlights the challenges of balancing privacy and safety, navigating targeted advertising, and the importance of proactive measures for companies operating in this space. Key takeaways emphasize the need for vigilance, transparency, and the adoption of best practices in privacy compliance.

Chapters

[00:00] Introduction to Children’s Online Privacy
[03:30] Current Legislative Landscape for Children’s Privacy
[06:03] Understanding COPPA in All Forms
[12:26] The Role of Safe Harbors 
[18:44] State-Level Privacy Laws and Their Implications
[23:55] Challenges in Balancing Privacy and Safety
[28:56] Navigating Targeted Advertising and Data Privacy
[37:38] Key Takeaways for Companies in the Children’s Space

Key Takeaways

  • The definition of a child is crucial in privacy discussions.
  • Legislative proposals are increasing but progress is slow.
  • COPPA 1.0 remains the law, with updates anticipated in 2025.
  • Verifiable parental consent is evolving with technology.
  • Safe harbors provide essential compliance support for companies.
  • State-level laws are creating a complex patchwork for compliance.
  • Balancing privacy and safety is a significant challenge.
  • Targeted advertising must comply with strict regulations.
  • Companies should prepare for the upcoming changes in legislation.
  • Engaging with third-party vendors is critical for compliance.

 


Cross Border Privacy Rules Goes Global: A Deep Dive on CBPRs



On April 30, the U.S. Department of Commerce announced the establishment of the Global Cross-Border Privacy Rules (CBPR) and Global Privacy Recognition for Processors (PRP) Systems. In this episode of Priv, host Dona Fraser is joined by Victoria Akosile, Deputy Director of BBB National Programs Privacy Initiatives, to take you from APEC to global CBPRs, explaining all of the acronyms in between.

Privacy professionals are faced with what seems like a never-ending, sometimes overwhelming stream of new privacy laws and regulations, both here in the U.S. and abroad. Our goal with this episode is to break down the “what you need to know” knowledge about the global CBPR system, quickly review the “how we got here” facts, and provide you with the “what do I do now” information you need, whether you are a data controller or data processor.

In this episode of Privacy Abbreviated, Dona Fraser and Victoria Akosile discuss the Cross-Border Privacy Rules (CBPR) program and its recent expansion to become the Global CBPR Forum. They explain how the CBPR framework provides a uniform set of privacy requirements that coalesce around an international baseline for compliance. They also discuss the role of Accountability Agents, such as BBB National Programs, in helping companies obtain and maintain their CBPR certification. The conversation highlights the importance of data privacy interoperability and the benefits of CBPR and PRP certifications for both data controllers and processors. They also touch on the SolarWinds case and the upcoming Global CBPR Forum meeting in Tokyo.

Key Takeaways:

  • (2:58) The CBPR framework establishes a unified set of privacy requirements, fostering international alignment for compliance. It serves as a benchmark for companies to ensure their privacy practices meet a globally recognized standard. By adhering to CBPR requirements, companies can enhance consumer trust and mitigate risks associated with data privacy non-compliance.
  • (8:05) Integration into the CBPR program enables companies to assess and fortify their privacy procedures. Participation facilitates a structured review process, identifying areas for improvement in privacy management. It empowers companies to adapt to evolving privacy regulations and consumer expectations, ensuring resilience against data breaches and regulatory penalties.
  • (13:47) CBPR and PRP certifications present an opportunity to revolutionize vendor management strategies. Companies can leverage certifications to vet vendors, selecting partners with robust privacy safeguards. Certification streamlines data transfers by providing assurance of compliant data handling practices across the supply chain.
  • (24:07) BBB National Programs acts as an accountability partner, aiding companies in obtaining CBPR and PRP certifications. Through collaborative engagement, BBB National Programs assists companies in navigating the certification process efficiently. Our expertise helps companies uphold high privacy standards, fostering consumer trust and regulatory compliance.
  • (33:11) The forthcoming Global CBPR Forum meeting in Tokyo anticipates widespread interest from nations seeking to join the framework and advance data privacy interoperability. The event serves as a platform for sharing best practices and fostering collaboration among participating countries. It underscores the global momentum towards harmonizing data protection regulations, promoting cross-border data flows while safeguarding individual privacy rights.

 


Consumer Privacy in Telehealth: An Interview with the ATA



In this episode of Priv, host Dona Fraser is joined by American Telehealth Association (ATA) Senior Vice President of Public Policy, Kyle Zebley, to check up on consumer health data privacy in the telehealth industry.

From HIPAA to the pandemic to Dobbs to a hodge-podge of new state-level privacy laws, Dona and Kyle discuss the ways companies are navigating this complex terrain, how the world of telehealth has drastically changed, the role of AI in today’s telehealth privacy picture, and what this picture may look like in the future. 

Some key takeaways from this episode are:

  • (6:41) The COVID-19 pandemic has accelerated the adoption of telehealth, allowing patients to access care remotely and overcoming barriers such as geographic limitations and workforce shortages.
  • (10:33) Data privacy is a significant concern in telehealth, and organizations like the ATA are working to develop principles and advocate for consistent policies to protect patient information.
  • (17:25) The regulatory landscape for telehealth is complex, with federal and state laws impacting the delivery of care and the collection and use of health data. Consistency and clarity in regulations are essential to ensure compliance and enable innovation.
  • (25:36) AI has the potential to revolutionize healthcare by improving efficiency, personalizing care, and addressing workforce shortages. However, it is crucial to have accountability, oversight, and guardrails in place to mitigate bias and protect patient rights.
  • (33:03) The future of telehealth and data privacy will depend on ongoing federal conversations, legislative actions, and regulatory decisions. Stakeholders must work together to ensure that telehealth continues to expand and provide accessible and high-quality care.

Another key item to note is the Digital Health Privacy Program (DHPP). DHPP is crucial in the telehealth industry as it establishes protocols to protect the privacy of consumer health data, ensuring trust and confidentiality in remote healthcare interactions. By safeguarding sensitive information, DHPP fosters patient confidence in utilizing telehealth services, driving widespread adoption and improving healthcare accessibility. Learn more about DHPP by following the link below.
