This is off-topic but I am sharing this tweet and urging you to check out the whole thread on Twitter. In the midst of all the debate, it is important to take a step back and really think about what our choices say about who we are as a people.

Watch this IAPP keynote where Apple and Google privacy officers discuss the contact tracing app. Several months after the COVID-19 pandemic and there are still a lot of countries grappling with ever-increasing number of infections. Understandably, we are turning to technology-based solutions to optimize contact tracing efforts. Apple and Google teamed up to create a contact-tracing approach based on Bluetooth technology. In this video, they discuss how the project came about, addressing the tension between efficacy and privacy, and how they employed the privacy-by-design approach. Here's a link to the awesome Princeton University - KU Leuven project Longitudinal Corpus of Privacy Policies.

Thanks to the fact that my friends know I work in Privacy, I am usually at the receiving end of random questions on data breaches. The other day, the question I got was: If a company-issued device containing personal data was stolen, is the company required to report the personal data breach to the National Privacy Commission (NPC)? Interesting question. Here are our facts: Company A issues a laptop to Mr. Employee for his use while working from home during the Enhanced Community Quarantine period (the "lockdown"). Company A issues instructions to Mr. Employee that the device should be used exclusively for the performance of Mr. Employee's work, which does not involve the processing of perso

The New York Times reports that the former head of Uber's security team has been charged in a criminal case for concealing a 2016 personal data breach. The breach involved personal information of 57 million Uber drivers and passengers. What's notable about the case is that, as the New York Times notes, is that "the charges drew an important distinction between failing to protect Uber’s computer network and failing to tell the authorities about it. Prosecutors said that Mr. Sullivan committed two felonies when he didn’t disclose the 2016 incident to federal investigators who were already investigating a similar data breach that had occurred two years earlier." The Philippines' Data Privacy Ac

Hello. Just thought I'd explain to you some changes in the way I will be updating this blog. I have been blogging--in so many ways on different platforms--on and off since around 2000. And the way I blogged changed in tandem with the way that publishing content online changed: First, my posts looked like online journal entries; Then they became curated links, introduced by quips that were either funny or punny. And then Facebook and Twitter came along and we all got lazy posting to blogs that only a handful of people ever read. So we all migrated to the social platforms. I started this blog when I started my consulting work for two reasons: I wanted to one place where I can put all my notes

I was fortunate enough to attend the Data Privacy Council meeting last July 30, where the NPC shared updates on what they've been up to and their plans for the remainder of 2020. Here are the more important items from the presentations: DPO Registration. As you may already know, the NPC extended the validity of the DPO registrations since the new NPC portal is not yet ready (among a host of reasons for the extension, I am sure). Note though that the NPC continues to accept and process applications for DPO registration. These can be submitted via email. Please refer to the NPC website for more information. Privacy Sweeps. The NPC continues to do Privacy Sweeps, and they have completed 175 swe