30 Years of Custom Metal Manufacturing


Data Privacy Management

Data privacy is also a topic that can spark big debates, like the one between the US and the EU as to what protections should be accorded to data pertaining to people, specifically by those who collect, control, or process such data.As we approach Data Privacy Day 2018, consider this question: how much risk do you believe theft or exposure of private data poses to human health, safety, or prosperity? ESET security researchers posed that exact question to over 700 US adults last year. Respondents were asked to rate the risk on an eight point scale from “no risk at all” to “very high risk.” More than 70% of respondents rated the risk above moderate and almost 50% rated it high or very high.


The European Union claims that the General Data Protection Regulation (GDPR), which comes to term on May 25, is the most important change in data privacy regulation in 20 years. Many companies have spent months preparing for the changes, working on policy and compliance, and introducing changes to their products in order to meet new standards.

We have received quite a few alerts and emails about those policy changes from a wide variety of companies. Combing through the alerts allowed us to see some interesting methods to solve—or evade—the problems that come with making businesses compliant. Let’s take a look at how different companies are coping with GDPR changes, and what you’ll need to pay attention to in those emails.


Document Review

Document review (also known as doc review), in the context of legal proceedings, is the process whereby each party to a case sorts through and analyzes the documents and data they possess (and later the documents and data supplied by their opponents through discovery) to determine which are sensitive or otherwise relevant to the case. Document Review is a valuable main staple of the type of work performed by attorneys for their clients, though it is increasingly common for the work to be performed by specialized document review attorneys.

Document drafting

Drafting is the preliminary stage of a written work in which the author begins to develop a more cohesive product. A draft document is the product the writer creates in the initial stages of the writing process.In a book that became popular in the 1950s, The Elements of Style, famed authors Strunk and White describe the first draft as being a less edited version of the final draft. In their book, Strunk and White say, “the first principle of composition is to foresee or determine the shape of what is to come and pursue that shape. This shape is the draft that eventually becomes the finished work.

More recently, Peter Elbow, in his book Writing Without Teachers, presents a very different view of the drafting stage in the writing process. He describes his stance on the writing process, saying “Writing is a way to end up thinking something you couldn’t have started out thinking


Privacy Risk Assessment

Privacy Engineering Objectives Privacy Principles Mission/Business Needs | System Functionality & Design Data mapping Requirements Definition Controls Selection → Implementation → Assessment Predictability Enabling reliable assumptions by individuals, owners, and operators about PII and its processing by a system. Manageability Providing the capability for granular administration of PII including alteration, deletion, and selective disclosure Disassociability Enabling the processing of PII or events without association to individuals or devices beyond the operational requirements of the system. Privacy Posture Monitoring *Per NIST Special Publication 800-30 System privacy requirements How can the system enable reliable assumptions about data processing? How much manageability of data does this system need? How can data be dissociated from individuals or devices while still permitting functionality in the system? Organizational Privacy Requirement

Privacy Impact Assessment

Privacy impact assessments (PIAs) are a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. An effective PIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and reputational damage which might otherwise occur. PIAs are an integral part of taking a privacy by design approach, and will be mandatory under the General Data Protection Regulations (GDPR) for processes and technologies that are likely to result in a high risk to the rights of data subjects.

If you have not already done so it would be useful to familiarise yourself with the University’s Data Classification Principles. The University requires a PIA for any new processes or technologies involving restricted or highly restricted data.


Privacy Consultation

“They were closed discussions so the greater public wasn’t getting a chance to provide feedback and understand what kinds of trade-offs people were potentially making,” said Hoffman. “Most of those discussions didn’t allow for people to talk about specific bill language in a way that you can have thoughtful dialogue about how it will actually protect privacy.”