Archive

Dive into a collection of past posts and rediscover timeless content.

Incident Response

Apr 9, 2026

•

10 min read

Plan Hard, Respond Fast: Is Your Incident Response Plan Lying to You?

A practical, non-legal guide to closing the gap between 'we have an IRP' and 'we can execute it at 10:47 p.m.'

Alia Luria

Incident Response

Breach Notification: The Timeline Myth that Makes Incidents Worse

Apr 6, 2026

•

12 min read

Breach Notification: The Timeline Myth that Makes Incidents Worse

A Fieldnotes guide to getting your first 48 hours right without confusing urgency with accuracy.

Alia Luria

Incident Response

Special Edition: The security and IP implications of Claude Code’s source leak

Apr 2, 2026

•

15 min read

Special Edition: The security and IP implications of Claude Code’s source leak

A Fieldnotes walkthrough of (1) what happened, (2) why it matters from a security standpoint for both Anthropic and enterprise customers, (3) how the IP story gets mushy when AI-generated authorship enters the chat, and (4) what the next year could look like for Anthropic now that the genie has slipped the bottle

Alia Luria

Data Mapping

Take Your Data Map from Promise to Practice

Mar 30, 2026

•

17 min read

Take Your Data Map from Promise to Practice

A practical Fieldnotes guide to creating a “sensible” data map that’s useful under pressure, without turning it into a six‐month art project.

Alia Luria

Privacy Change Management

Herding Cats: The Cross‐Functional Domain Your Privacy Program Runs On

Mar 26, 2026

•

13 min read

Herding Cats: The Cross‐Functional Domain Your Privacy Program Runs On

A practical way to turn “everyone’s involved” into “someone’s actually doing the thing.”

Alia Luria

Privacy Change Management

Mar 23, 2026

•

16 min read

Privacy Change Management: Avoid a Corporate Mutiny by Right-Sizing Your Tooling

Privacy operations that actually ship without a tool spiral.

Alia Luria

Vendor Risk

Vendor Tiering: Your Vendor List Is Not a Vendor Program

Mar 19, 2026

•

17 min read

Vendor Tiering: Your Vendor List Is Not a Vendor Program

A Fieldnotes guide to vendor privacy reviews that actually reduce risk without turning procurement into a bottleneck.

Alia Luria

Vendor Risk

Procurement vs Privacy: The Long-Running Sitcom Where Nobody Laughs

Mar 16, 2026

•

16 min read

Procurement vs Privacy: The Long-Running Sitcom Where Nobody Laughs

How to operationalize vendor intake and triage so review is predictable, fast, and defensible (without arguments).

Alia Luria

Risk Acceptance

Mar 12, 2026

•

17 min read

Risk Acceptance: Your Product’s Backlog is Not a Risk Committee

How to define decision rights, document defensible risk acceptance, and avoid ghostly risks that haunt your backlog graveyard.

Alia Luria

Incident Response

Acquisitions: When Two Data Inventories Become One Liability

Mar 9, 2026

•

18 min read

Acquisitions: When Two Data Inventories Become One Liability

Post-merger privacy integration basics, and how to pick first-90-days priorities so you do not inherit a data attic as a surprise.

Alia Luria

Archive

Dive into a collection of past posts and rediscover timeless content.

Plan Hard, Respond Fast: Is Your Incident Response Plan Lying to You?

Breach Notification: The Timeline Myth that Makes Incidents Worse

Special Edition: The security and IP implications of Claude Code’s source leak

Take Your Data Map from Promise to Practice

Herding Cats: The Cross‐Functional Domain Your Privacy Program Runs On

Privacy Change Management: Avoid a Corporate Mutiny by Right-Sizing Your Tooling

Vendor Tiering: Your Vendor List Is Not a Vendor Program

Procurement vs Privacy: The Long-Running Sitcom Where Nobody Laughs

Risk Acceptance: Your Product’s Backlog is Not a Risk Committee

Acquisitions: When Two Data Inventories Become One Liability

The Privacy Design Lab