Kathrin Gardhouse

We asked ChatGPT five privacy questions covering the GDPR, HIPAA, and US and Canadian private sector privacy laws and evaluated its responses. We didn’t go easy on it, but ChatGPT hit it out of the park except, in two cases, when asked to provide accurate links to its resources. However, the resources were still easily … Read more

Although they hardly need an introduction, Salesforce is a cloud-based customer relationship management (CRM) service that allows businesses to efficiently connect with their customers, find prospects, close deals, automate marketing, develop apps, and analyze their data to draw out valuable insights. In this article we explore whether Canadian businesses subject to Quebec’s private sector privacy … Read more

After a political deal had been reached on December 8, 2023, we now have an unofficial draft of the EU AI Act. There are two versions available online, one posted by Euractiv Technology Editor Luca Bertuzzi which compares the Commission Proposal, the European Parliament’s revisions, the version of the Council, and lastly the Draft Agreement. … Read more

The California Consumer Privacy Act (CCPA) has been in effect since January 1, 2020, and it has impacted the way businesses collect, use, and protect consumers’ personal information considerably. Just over 9 months later, California voters approved Proposition 24, the California Privacy Rights Act (CPRA), which amends the CCPA and strengthens California’s data privacy laws … Read more

In the US, there is, as of yet, no comprehensive federal privacy legislation, but there is a federal agency, the Federal Trade Commission (FTC), that is at the forefront of notable enforcement actions. In the absence of comprehensive federal privacy law, the FTC relies for its privacy enforcement actions on acts that are either narrowly … Read more

On December 8, 2023, the European Parliament, European Commission, and Council of the EU reached a significant political agreement concerning AI regulation. An analysis of the unofficial final draft is forthcoming, but in the meantime, it is important to note key developments. The primary issue under consideration was whether to regulate the technology behind AI … Read more

In the contemporary landscape of health information technology, the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule sets a national standard for the protection of individuals’ medical records and other protected health information (PHI). The HIPAA Privacy Rule allows for health information to be de-identified using two methods: the Safe Harbor method, which requires … Read more

The European Union’s recent review of Canada’s data protection adequacy, a follow-up to the initial adequacy decision made in 2001, offers an insightful perspective into Canada’s compliance with evolving international data privacy standards. This EU canada data protection adequacy review, part of the EU’s broader evaluation under the General Data Protection Regulation (GDPR), reaffirms Canada’s status … Read more

Artificial Intelligence (AI) has infiltrated various sectors of our lives, leading to an urgent need for standardized frameworks to ensure its ethical and responsible use. The ISO/IEC 42001 standard is a recent addition to the roster of international standards, aiming to provide organizations with a structured approach to managing AI systems while fostering innovation and … Read more

Recent updates to OpenAI’s privacy policies, terms of use applicable to individuals, and business terms have sparked the interest of the privacy and business community. The former two are coming into effect on Jan 31, 2024, except insofar as the Europe privacy policy is concerned,  and the business terms are already in force as of … Read more