Posts

Showing posts with the label GDPR. HIPAA.

Navigating the Where, When, and What of Data Privacy Risk Assessments

As noted in  last week’s post , privacy risk assessments are now required in several states. Of the 19 U.S. states with comprehensive consumer data privacy laws, all but two mandate that businesses conduct privacy risk assessments when processing of consumer personal information in ways that could pose a risk to consumers' privacy. These assessments are not simple checklists—they involve detailed analyses weighing the risks of collecting and processing information against the benefits to the business, considering the safeguards the business plans to implement. Performing these assessments carries significant regulatory implications and potential litigation risks.  These important topics will be discussed in next week’s post. Before we get there, this post discusses the key threshold questions— WHERE ,  WHEN  and  WHAT —to determine whether a privacy risk assessment is required So the question becomes, when do businesses need to conduct one of these risk assessm...