K Royal

Associate General Counsel at TrustArc

Reach out to K about her column at @heartofprivacy on Twitter, or www.linkedin.com/in/kroyal/.

My Articles

A Dedicated Data Discussion

Amid the new US laws and amendments none were as broad and far-reaching as California’s Consumer Privacy Act (CCPA). The law is expected to serve as a model for other states and nations, so in-house counsel who are not currently affected should follow its developments with an eye toward their own jurisdiction.

The Privacy Shield is Broken

It is clear that the European Union is taking a strong stand on protecting personal information from government intrusion and that the United States is particularly susceptible to restrictions. US companies must take appropriate steps to consider the risk and enact mitigations for personal information being processed from the European Union.

How to Build the Vendor Oversight Program of Your Dreams

Implementing a vendor oversight program that is appropriate for your organization is critical. There are several considerations that factor into setting up your program, similar to building a house. You need a solid foundation, a framework that fits both function and form, a well-positioned structure that covers it all, and the internal and external components that make it comfortable and appealing, along with providing safety and security.

Your Vendor, Your Risk

In this article, we will first provide an overview of some key concepts that apply to vendor management before discussing the regulatory landscape and the lifecycle of vendor management. We will cover the entire lifecycle: before, during, and after, along with legal requirements and special circumstances.

How to Transition into a Legal Privacy Role

Often, lawyers who are interested in moving to a privacy role may come from a legal, compliance, or, in rare cases, an information security role. But even if you are not interested in a new focus, how do you help guide your company in considering a person who is looking to transition? As in-house counsel, you may be in a key position to influence the job expectations and description and perhaps even the hiring. Let’s look at each of these three fields.

Transferring Personal Data Out of the European Union: Which Export Solution Best Fits Your Needs?

Determining the appropriate cross-border transfer mechanism is not a decision to be taken lightly. In-house counsel must consider and weigh multiple factors including the types of data your organization transfers, your organization’s data flows, the locations of your corporate entities, cost, effort and ownership within your organization and much more.