AIIM - The Global Community of Information Professionals

Andrew Pery

Recent Posts

Guest Post - Data Privacy and Open Data: Secondary Uses under GDPR

Mar 26, 2018 9:28:26 AM by Andrew Pery

This is the ninth post in a series on privacy by Andrew Pery. You might also be interested in:

Consider this: over ninety percent of the world's data, estimated to be a staggering sixteen zettabytes, was created in the past 5 to 6 years. And it is estimated that by 2025 the world's digital data will grow to one hundred and sixty-three zettabytes.


Topics: information governance, electronic records management, privacy, information security, gdpr

Guest Post - Three Critical Steps for GDPR Compliance

Jan 17, 2018 11:04:00 AM by Andrew Pery

This is the eighth post in a series on privacy by Andrew Pery. You might also be interested in:


Topics: information governance, electronic records management, privacy, information security, gdpr

Guest Post -- GDPR Compliance starts with Data Discovery

Nov 16, 2017 9:00:00 AM by Andrew Pery

This is the seventh post in a series on privacy by Andrew Pery. You might also be interested in:


Topics: privacy, security, information security, gdpr

Guest Post - Mitigate Data Privacy and Security Risks with Machine Learning

Oct 2, 2017 4:40:18 PM by Andrew Pery

This is the sixth post in a series on privacy by Andrew Pery. You might also be interested in:


Topics: privacy, security, information security, gdpr

Guest Post - The Privacy and Security Dichotomy

Aug 10, 2017 10:25:00 AM by Andrew Pery

This is the fifth post in a series on privacy by Andrew Pery. You might also be interested in:

There is a considerable divergence of opinion about the relationship between privacy rights and security concerns. Opinion polls reflect such a divided sentiment. A 2016 survey by Pew Research Center found that while 56% of survey participants want more to be done to keep the country safe, 52% remain seriously concerned about the scope of surveillance programs that may intrude upon their privacy, notably monitoring of internet search habits, email messages and social media interactions.


Topics: privacy, security, information security, gdpr

Guest Post - GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law

Jul 14, 2017 9:14:00 AM by Andrew Pery

This is the fourth post in a series on privacy by Andrew Pery. You might also be interested in Privacy by Design: The Intersection of Law and Technology and What Do the GDPR and new Privacy Laws Mean for U.S. Companies? and Balancing Privacy Rights with Social Utility in the Age of the Internet of Things.


Topics: privacy, security, information security, gdpr

Guest Post - Balancing Privacy Rights with Social Utility in the Age of the Internet of Things

Jun 28, 2017 6:39:03 PM by Andrew Pery

This is the third post in a series on privacy by Andrew Pery. You might also be interested in Privacy by Design: The Intersection of Law and Technology and What Do the GDPR and new Privacy Laws Mean for U.S. Companies?


Topics: privacy, security, information security, gdpr

Guest Post - What Do the GDPR and new Privacy Laws Mean for U.S. Companies?

Jun 12, 2017 4:55:54 PM by Andrew Pery

This is the second post in a series on privacy. You might also be interested in Privacy by Design: The Intersection of Law and Technology.

The General Data Protection Regulation (GDPR), which was ratified in 2016 and will be enforced in May 2018, requires companies to meet higher standards for the protection of personally identifiable information.

How does the GDPR impact US corporations?

To put it simply, if your organization does business in the EU, offers goods and services to EU citizens, or processes EU citizen data, then the provisions of the GDPR apply. Most notably, US companies should be aware of the following provisions of the GDPR:

  • More rigorous data security measures to protect the confidentiality, integrity and availability of personal information, including provision for technical measures such as encryption. Data controllers and processors must limit collection only for the purposes for which consent was obtained;
  • A higher bar for obtaining consent, which must be in the form of a clear affirmative action. This higher standard contrasts with the previous EU Directive, which allowed for implicit opt out consent. This higher bar extends to tracking cookies designed to identify a device and/or individuals;
  • New breach notification provisions with considerably more teeth, with fines that may potentially be as high as 4% of annual revenues. The definition of "data breach" is a "breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed." This is in stark contrast to US companies, which only report data breaches that may result in fraud or identity theft;
  • Choice by which data subjects may opt out of the disclosure or use of data, particularly when the intended disclosure or use is inconsistent with the original purpose for which the data was collected;
  • Access by data subject to correct and delete any inaccurate information, including a “right to be forgotten”; and
  • Cross-border transfer of EU citizen data must be subject to the adequacy standard. Furthermore, as a direct response to the Snowden revelations relating to the bulk collection of personal data, the European Commission and the US Department of Commerce have jointly developed a new framework for onward transfer under the EU-US Privacy Shield Framework, which supplants the previous Safe Harbor provisions.

Are US companies ready for the GDPR?

The 2016 Telstra Cybersecurity Report found that nearly 60% of organizations surveyed lack sufficient cyber security and privacy staff to handle the increasing demands of legal compliance.

Thus, it is no surprise that investments in data privacy best practice and technologies are on the rise. A PWC survey found that 68% of US companies are expected to invest anywhere from $1 to $10 million in GDPR readiness.

What investments should US companies focus on?

Consideration should be given to the following initiatives:

  • Implementation of a robust corporate governance framework. A useful model to consider is the Information Governance Reference Model (IGRM). The IGRM model is an extension of the ARMA Generally Accepted Recordkeeping Principles;
  • Data Privacy Impact Assessment to understand current collection practices relating to personally identifiable information and identification of related risks and measures to mitigate;
  • Application of machine learning technologies, such as intelligent capture and classification to digitize incoming information, identify patterns in data collected, organize, preserve and protect data consistent with GDPR requirements.

Having in place a well-defined and clearly articulated information governance best practice empowers organizations not only to mitigate risk, but also to leverage information assets for competitive advantage. A proactive information governance strategy will empower US organizations to comply with the more robust data privacy regime mandated by the GDPR.


About the author: Andrew Pery is a marketing executive with over 25 years of experience in the high technology sector focusing on content management and business process automation. Currently Andrew is CMO of Top Image Systems. Andrew holds a Master of Laws degree with Distinction from Northwestern University and is a Certified Information Privacy Professional (CIPP/C) and a Certified Information Professional (CIP/AIIM).

You might also be interested in this previous post by Andrew - Privacy by Design: The Intersection of Law and Technology.


Topics: privacy, security, information security, gdpr

Guest Post - Privacy by Design:  The Intersection of Law and Technology

May 18, 2017 9:26:00 AM by Andrew Pery

The case for more rigorous cybersecurity and the protection of personally identifiable information is compelling. Consider the following facts:

  • The Identity Theft Resource Center found that data breaches have increased 40% from 2015 to 2016, reaching an all-time high of 1,093 in the U.S. alone; and,
  • The average cost per breach in 2016 is pegged at $4 million, up 29% from the year prior.

Topics: privacy, security, information security, gdpr

About AIIM

AIIM provides market research, expert advice, and skills development to an empowered community of leaders committed to information-driven innovation.
