With only 100 days to go until the General Data Protection Regulation becomes enforceable on May 25, it is increasingly imperative for organizations that process information relating to an identified/identifiable European person to have a firm grasp on what the regulation entails, as well as any associated impacts on business that can be reasonably expected. Here are seven key questions to ask yourself, your team, or your project manager, to gauge how prepared your organization is to meet the requirements under the GDPR.
Has our data been inventoried and mapped, such that we have a complete understanding of our data flow?
An essential prerequisite to developing a GDPR compliance plan is to have a detailed understanding of the lifecycle of the personal data processed by the organization. It is impractical to implement a reasonable GDPR compliance plan if the organization does not thoroughly understand the personal information it processes, how it was collected, where it is stored, and where and to whom it is transferred. The GDPR identifies specific categories of information that it expects organizations to keep records on, with respect to data processing.
When personal information about people is collected indirectly from third-party sources (e.g., public databases,
… Keep reading
You Can Trademark That? They Can Own What? Who Knew?
There are many reasons we have IP laws – but primary among them is to encourage creative types like artists and inventors to profit from their efforts by way of royalties or exclusive rights. To encourage those efforts, the intellectual property laws give authors and creators a relative monopoly over something they’ve created – a trademark, an invention, a script, a computer program, etc. It’s like society is saying “you made it, so you can own it – at least for a while…”
But a natural tension immediately presents itself when we grant these exclusive rights. Our culture wants to embrace, use and assimilate all that is cutting edge and new without having to ask for permission. We take – no, we borrow Pharrell Williams’ “Happy” riffs and make them background music to our YouTube® videos of our cats and our dogs. We expropriate “just a” screen capture from the Godzilla movie and create e-cards or embed them on our Facebook® pages. Our post-90s, crowd sourced, media-centered sensibility has created this “if it’s out there it must be free” (or “it wants to be free”) ethos … Keep reading
Why or what or who is Lex Indicium? Roughly translated, and with apologies to the classical scholars who may happen upon this blog, Lex Indicium means “law of information,” or “law of data” in Latin. In a broad sense, the “law” that applies to data, and/or rights in data or information is what this blog seeks to explore. In my law practice, I might say that I am an “intellectual property lawyer, who specializes in trademarks, copyrights, and information law.” But my passion and interest have been drawn to this craft by fundamental questions – “who owns or should own information—any information, be it text, raw factual data, art, etc? Should it be free or should it be exploitable and monopolized and monetized? And which answers lead to the greatest good for society?”
Since I began practicing law almost 20 years ago these questions really have been asked repeatedly in the context of one burgeoning cultural phenomenon known as digital technology—which technology has had one primary (and largely freely available) medium– the internet. But the questions themselves and the issues that flow from them are ancient, stretching back to ancient times. This, combined with my own background in … Keep reading