Sophie Stalla-Bourdillon

December 8, 2023

What Is the EU-US Data Privacy Framework & How Should You Plan?

The General Data Protection Regulation (GDPR) is one of the most wide-reaching and stringent data compliance laws and regulations, with penalties for violating its terms reaching 4% of an organization’s prior year worldwide turnover. Although some of its provisions, such as Chapter 5, have fed more debate and litigation than others, it’s...

November 14, 2023

AI Acceptable Use Policy: Where to Start?

Generative artificial intelligence (AI) refers to prediction algorithms that are able to create any type of content, be it text, code, images, audio, or video – think ChatGPT, Bing Chat, Bard, Stable Diffusion, Midjourney, and DALL-E, for example. With the emergence of generative AI-as-a-Service – which has lowered barriers to entry – generative AI is spreading to most...

November 12, 2023

Why Is GDPR Compliance Important and How Do I Achieve It?

A modern analytics environment is typically built to reduce time to data, leaving compliance as an afterthought. Yet, without a compliance-by-design approach, the analytics environment is likely to break in weeks because safeguards like purpose-based access control are missing; data minimization and de-identification techniques are inadequate and data access requests...

August 16, 2023

What’s the Worst That Could Happen? A Guide to AI Risks

While generative artificial intelligence (AI), foundation models, and Large Language Models (LLMs) are often described as the future of AI as we know it, their mass adoption is not necessarily straightforward. The emergence of these types of AI models has sparked concerns recently, leading to a series of open letters, enforcement orders (against...

August 16, 2023

Types of AI and Input Models Explained

ChatGPT is one of the fastest-growing artificial intelligence (AI)-powered apps of all time, but it is just the tip of the generative AI iceberg. The pace of AI’s advancements makes it difficult to keep up with the latest terminology, let alone understand how it may impact your day-to-day responsibilities. In...

May 3, 2023

Why Tech Companies Should Care About Healthcare Data Breaches

Health data is one of the most valuable assets organizations in the healthcare and life sciences industry can possess. It’s also one of the most vulnerable. Over the years, legal steps have been taken to protect healthcare data security and patient privacy. The Health Insurance Portability and Accountability Act (HIPAA), passed by...

April 28, 2023

How Does Data Classification Help Protect Data Privacy?

As data breaches and cyber attacks become more common, protecting data privacy is an increasingly important concern for companies that use data to compete. According to Cybercrime Magazine, the total cost of cybercrimes is an estimated $8 trillion, and is expected to climb more than 30% in the next two years....

December 22, 2022

The Next Generation of CCPA Compliance Requirements

The 2020 elections not only saw record turnout, but also ushered in a suite of new laws and lawmakers. Voters in California had a dozen propositions on the ballot, but one that has far-reaching implications for citizens and organizations alike is Proposition 24, the California Privacy Rights Act (CPRA) — or...

August 19, 2022

The Data Privacy Regulation Roundup: What Data Teams Need to Know

When the General Data Protection Regulation (GDPR) entered into force, US privacy law was still in its infancy. Though enforced by the European Union (EU), the GDPR had wide-ranging implications for organizations well beyond Europe. And though it has become the regulatory standard in data privacy since it became applicable...

March 24, 2022

What Are the Key APRA Data Security Standards?

Financial data is among the most sensitive information an organization can possess, yet its use is essential to the health of global markets. It’s no secret, therefore, that data security in financial services is a highly scrutinized topic – and one that is subject to a plethora of data compliance regulations. The Australian...

May 7, 2021

What is Data De-identification and Why is It Important?

Data de-identification is a form of dynamic data masking that refers to breaking the link between data and the individual with whom the data is initially associated. Essentially, this requires removing or transforming personal identifiers. Once personal identifiers are removed or transformed using the data de-identification process, it is much easier to...

April 29, 2021

Why Clarifying De-Identification Concepts is Key to Sufficient Data Protection

Data protection law emerged in the 1970s in Europe as a means to protect against the risks posed by automated or computer-based data processing. As a concept, it thus goes far beyond protecting individuals against the disclosure of nonpublic information, a concern that is still very much at the center...

February 5, 2021

What is Differential Privacy? A Guide for Data Teams

In today’s day and age, we’re accustomed to technological advances and capabilities being uncovered all the time. However, mere availability does not necessarily correspond to immediate adoption. This is at least somewhat true for differential privacy. The first seminal contribution on the topic was published in 2006 by Microsoft Distinguished Scientist Cynthia Dwork,...

January 20, 2021

How to Unlock Successful, Scalable GDPR Compliance

The General Data Protection Regulation (GDPR) is omnipresent: It applies to every person or entity processing personal data in the European Union (EU), as well as all organizations that process the personal data of individuals located in the EU. The regulation seeks to increase individuals’ control over their personal data, including...

August 24, 2020

A Call for a Risk-Based Assessment of Anonymization Approaches

Why it’s time to reexamine the binary dichotomy between personal and aggregate data, and what aggregation, synthesisation and anonymisation mean for the future of data privacy. Privacy-enhancing technologies are typically used to transform data to enable sharing of private data with third parties. However, not all techniques reduce re-identification risks;...

December 19, 2019

Differentiating Data Security in the GDPR from Privacy

The European Union’s General Data Protection Regulation — one of the most forward-leaning privacy regulations on the planet — was praised by Tim Cook in a recent speech in the EU because our personal data is “being weaponized against us with military efficiency.” Those are strong words, and frankly, accurate:...
