Data Privacy & Business Strategy Articles

March 2020 will go down in history as a pivotal time for humanity. Healthcare, economics, politics, law enforcement and so much more will be looked through the lens of COVID-19. Privacy has been discussed extensively in the last few weeks. Privacy and Data Protection authorities around the globe have made statements about the management of personal data during this pandemic (see the statement form the European Data Protection Board here and the Canada Office of the Privacy Commissioner here) . Effective decision-making depends on data and we, as individuals, are the greatest creators of this data. We create such critical […]

As of today November 1st, privacy breach notification will be mandatory at the Federal level in Canada through amendments done to PIPEDA. From now on, the Year of the Breach This year has been called “the year of the breach”, but so was 2017 and before that, 2016. This could be called the global warming of the privacy world. And with regulators becoming more strict about companies’ transparency practices, data privacy breach notifications will also become more prevalent. What does this all mean to organizations and most importantly, to individuals that share their personal data with organizations? Breach notification impacts First of all, […]

A few days back I read an article on the New York Times that talked about “data breach fatigue”. Let’s make this very clear: data breaches are a daily occurrence in our lives. It seems like they’re here to stay and they are like a “not so pleasant” distant relative that decides to visit and suddenly doesn’t leave. Initially we dread the presence but after a while, we get used to them and stop asking when they are packing up to go back home. And that makes me wonder, why? Why do we allow the inconvenience and the risk to […]

A couple of months ago I made a wild statement about the Facebook-Cambridge Analytical incident being the catalyst for stronger privacy regulation around the use of personal data for business purposes.  A few people found some merit on this idea – usually the ones from my own generation whose sense of adventure is a bit tempered by the reality of the past. And then lately, a few new events (think California’s CCPA) are showing that people and governments around the globe are more interested in the protection of personal data.  Most importantly, the appropriate use of personal data in a […]

GDPR came into effect on May 25th. Granted, the world didn’t come to an end but there is certainly awareness around the EU people whose personal data GDPR protects and they are making their voices heard. According to a report released by the IAPP, complaints have started pouring in across the different EU member states with as little as 2 in Sweden and 3 in Belgium and as many as 426 in France. Ireland to date has also had 547 data breach notifications! It is obvious that the Data Protection Authorities in the different EU states have a limited number […]

VANCOUVER, B.C. – (April 12th, 2018 @ 9:00 AM PT) Kirke Management Consulting today announced that it has signed on as a partner of STOP. THINK. CONNECT. ™, the global online safety awareness and education campaign. Securing the internet is a responsibility we all share, and STOP. THINK. CONNECT. ™ is simple, actionable advice that everyone can follow to be safer and more secure online. Ale Brown, Founder and Principal Consultant at Kirke Management Consulting, said “We are excited to partner with STOP. THINK. CONNECT. ™ as a part of our ongoing dedication to foster increased awareness into the importance […]

The last few weeks have engulfed us all – not only privacy professionals like ourselves – into one of the biggest corporate scandals of the new century. You can tell it is serious when after three long weeks, everyone is still talking about it. In this age of short attention spans, three weeks is an eternity. What does Facebook-Cambridge Analytica have to do with Enron? Even though at a first glance the similarities are not apparent, I believe that Facebook-Cambridge Analytica and Enron have a few things in common. For the ones that are old enough to remember, the Enron scandal […]

This is the last installment on the virtues and requirements of GDPR. In this series you learned a few things, like whether or not you need to comply, what to do if you actually need to comply and what to take into account when you are prioritizing your activities towards GDPR compliance. Now you should feel comfortable knowing that at least you understand what this new data compliance regulation is about and, based on your business, what the key areas are that you need to take care of. On May 25 you will certainly be in a better place than […]

In the last few weeks, we have been talking about what GDPR is, who needs to be compliant with it and what things to keep in mind if you have to comply. Now we are going to discuss what is the best way to go about prioritizing GDPR requirements for your organization. It’s all about the risk First off, let me say that GDPR is not a step-by-step prescription on what to do with regards to the management and protection of personal data. If it were that way, we would all have been compliant long ago! Just tick the boxes on […]

Last week we discussed what GDPR is in very broad terms. We also discussed what are the general parameters used to determine whether an organization needs to comply with GDPR or not. Just to refresh our memories, these are the criteria used to make such determination: If you have any physical presence in the EU (even if it is a small sales and marketing office). If you don’t have a physical presence but you offer products or services to EU residents. If you don’t offer products or services but you monitor EU residents online behaviour. You need to comply… now […]