Kathrin Gardhouse

In the contemporary landscape of health information technology, the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule sets a national standard for the protection of individuals’ medical records and other protected health information (PHI). The HIPAA Privacy Rule allows for health information to be de-identified using two methods: the Safe Harbor method, which requires … Read more

The European Union’s recent review of Canada’s data protection adequacy, a follow-up to the initial adequacy decision made in 2001, offers an insightful perspective into Canada’s compliance with evolving international data privacy standards. This EU canada data protection adequacy review, part of the EU’s broader evaluation under the General Data Protection Regulation (GDPR), reaffirms Canada’s status … Read more

Artificial Intelligence (AI) has infiltrated various sectors of our lives, leading to an urgent need for standardized frameworks to ensure its ethical and responsible use. The ISO/IEC 42001 standard is a recent addition to the roster of international standards, aiming to provide organizations with a structured approach to managing AI systems while fostering innovation and … Read more

Recent updates to OpenAI’s privacy policies, terms of use applicable to individuals, and business terms have sparked the interest of the privacy and business community. The former two are coming into effect on Jan 31, 2024, except insofar as the Europe privacy policy is concerned,  and the business terms are already in force as of … Read more

OpenAI is an organization known for developing a variety of artificial intelligence (AI) models and tools, which are accessible through various platforms and services. Microsoft Azure is a cloud computing platform that offers a range of services and tools for building, deploying, and managing applications. Azure also provides AI services that enable developers and customers … Read more

On December 20, the Quebec government published the Draft Regulation respecting the anonymization of personal information in the Quebec Gazette. It follows a 45-day public consultation period. In this article, we’re setting out the most important obligations and highlighting how Private AI can help achieve compliance with Law25 in light of the new Regulation. Law25 … Read more

Traduzido por Patrícia Graciano. Read in English here A Lei Geral de Proteção de Dados (LGPD), é o posicionamento do Brasil à privacidade de dados. Ela  determina as regras que as organizações que lidam com dados pessoais – e que não anonimizam esses dados – devem seguir. Nesse post, analisaremos a anonimização de dados, a … Read more

Leia em português aqui The Lei Geral de Proteção de Dados (LGPD), Brazil’s answer to data privacy, determines the rules organizations that handle personal data have to follow, unless they anonymize the data. This article delves into data anonymization, pseudonymization and what that means for data processing activities, as well as the LGPD’s stringent response … Read more

The realm of generative AI, encompassing technologies that generate content like text, images, and videos, have seen a significant surge in usage and development. In response, the Office of the Privacy Commissioner of Canada (OPC) has introduced key privacy principles tailored to generative AI technologies on December 7, 2023. This framework is crucial for organizations … Read more

Data security and integrity are two critical concepts in the world of cybersecurity. While they are often discussed together, they have distinct definitions and implications. Data security encompasses the processes and technical safeguards established to preserve data integrity, as well as confidentiality and availability of data. In this article, we will dive into the details … Read more