00:07
Adam Stofsky
Hey, Shannon, how are you? 

00:09
Shannon Yavorsky
Good. Adam, how's it going? 

00:12
Adam Stofsky
Good. So can you give us a broad view about data privacy law? You know, what is it and why is it important? 

00:22
Shannon Yavorsky
It's a great question. So what is privacy law? Lots of companies these days collect just a ton of personal information about you. Your name, your email address, your physical address, but even other things like your IP address or your device id. And privacy law really evolved to provide guidelines and a framework for companies that are using this information, like, how are they allowed to use it? How are they allowed to share it? And privacy laws around the world really evolved in order to provide a framework for companies in relation to how they can use and share privacy personal information. And these laws have their roots in the OECD principles of the late 70s and early 80s. So it's a long history of privacy legislation that is fundamentally hasn't shifted a ton. And they're organized around a couple of core principles. 

01:18
Shannon Yavorsky
So transparency, ensuring that you're providing individuals with a notice of what kind of data you're collecting about them, how you're using and sharing it. And that comes out in the privacy notices that you see, sort of the footer, a link in the footer of websites that describes what a company does with the information they collect from you, and then minimization. So what is the data that the company actually needs to collect? If they're just, you know, you're buying a product from them, do they really need your Social Security number? So making sure that the amount of data that's collected is really as minimal as possible. Storage limitation, so that same company isn't storing that data forever, that there is a, you know, a retention schedule and it gets rid of it after a certain period of time. 

02:08
Shannon Yavorsky
Purpose limitation is another core principle, and that's really around using the data that an organization collects only for the purpose for which it was collected. So as an example, you collect my. You, the company, collect my name and address to send me a product you don't otherwise use that information for, you know, unless I've agreed to it marketing to me or for another purpose outside what I would really expect or what outside of what was described in the privacy notice. And finally, data security. Making sure that the company keeps the data secure, has the, you know, right security measures in place to help prevent data breaches. 

02:49
Adam Stofsky
All right, so walk through them one more time for everyone. What are these five key principles? 

02:56
Shannon Yavorsky
So, transparency, making sure that it's very clear to people what data is being collected about them, how it's being used and shared storage limitation, making sure you're only storing it for as long as needed. Data minimization. So only collecting the data that you actually need to fulfill a particular task. Purpose limitation. Only using data for the purpose for which it was collected. And data security, keeping data safe. Okay, great. All right. Thank you so much, Shannon. 

<div style="padding:56.25% 0 0 0;position:relative;"><iframe src="https://player.vimeo.com/video/869642633?badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479" frameborder="0" allow="autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share" referrerpolicy="strict-origin-when-cross-origin" style="position:absolute;top:0;left:0;width:100%;height:100%;" title="12001_Overview of Data Privacy Law Principles"></iframe></div><script src="https://player.vimeo.com/api/player.js"></script>