Data Breach Readiness

Incident Response

Apr 9, 2026

•

10 min read

Plan Hard, Respond Fast: Is Your Incident Response Plan Lying to You?

A practical, non-legal guide to closing the gap between 'we have an IRP' and 'we can execute it at 10:47 p.m.'

Alia Luria

Vendor Risk

Vendor Tiering: Your Vendor List Is Not a Vendor Program

Mar 19, 2026

•

17 min read

Vendor Tiering: Your Vendor List Is Not a Vendor Program

A Fieldnotes guide to vendor privacy reviews that actually reduce risk without turning procurement into a bottleneck.

Alia Luria

Privacy Training

Mar 2, 2026

•

14 min read

You May Be Missing Valuable Privacy Training Opportunities If You're Not Leveraging Tabletops Effectively

A practical, non‐legal guide to weaving tabletop exercises into your privacy training program—plus when to build the muscle in‐house vs. outsource it (so “annual training” isn’t your only line of defense).

Alia Luria

Data Retention

Feb 24, 2026

•

10 min read

Your Old Data is Not a Family Heirloom

It’s not going to end up on Antiques Roadshow with a surprise valuation, so let this be a gentle intervention to move your data retention program from “we should delete” to “we did delete.”

Alia Luria

Incident Response

Why We Should Stop (Always) Treating Privacy Tabletop Exercises Like Fire Drills

Feb 24, 2026

•

13 min read

Why We Should Stop (Always) Treating Privacy Tabletop Exercises Like Fire Drills

And start treating them like routine training exercises

Alia Luria

Data Breach Readiness

Plan Hard, Respond Fast: Is Your Incident Response Plan Lying to You?

Vendor Tiering: Your Vendor List Is Not a Vendor Program

You May Be Missing Valuable Privacy Training Opportunities If You're Not Leveraging Tabletops Effectively

Your Old Data is Not a Family Heirloom

Why We Should Stop (Always) Treating Privacy Tabletop Exercises Like Fire Drills

The Privacy Design Lab