Compliance

Wait, Does Amazon SES Actually Require TLS 1.2? Here’s What We Found If you use Amazon Simple Email Service (SES), you might have noticed a change in the documentation: TLS 1.2 is now listed as required. That sounds straightforward. But a recent set of tests done by Paubox, a HIPAA-compliant email provider, suggests the reality is more nuanced. Their findings show that SES still accepts connections using TLS 1.0 and 1.1, at least for now. So what does that mean for your email setup and security posture? Let’s walk through the details and what you should do. ...

Using AI for Marketing? Don’t Forget Privacy Rules Financial advisors are under growing pressure to adopt AI tools for marketing. Personalized email campaigns, chatbots that qualify leads, and predictive analytics can all help firms stand out. But a recent article in The Globe and Mail warns that this edge comes with a catch: privacy regulators are watching more closely than ever. If you use customer data to train AI models or to segment audiences without proper consent, you risk fines and reputational damage. ...

Why You Need a Records Retention Plan Before Building Anything with AI Introduction Every week brings news of another organization rushing to deploy AI tools—feeding customer data, internal emails, or years of transaction logs into large language models. The promise is real, but so is the risk. Among the many pieces of advice circulating in privacy circles, one principle is quietly gaining traction: get your records retention practices right before you touch AI. The International Association of Privacy Professionals (IAPP) recently published guidance framing retention policies as a prerequisite for responsible AI use, and it’s a message worth taking seriously. ...

Before You Let AI Loose on Your Data, Get Your Records Retention in Order Adopting AI tools that process personal data is rarely a simple plug-and-play decision. Many organizations focus on model accuracy, training data, or integration challenges. But a foundational step often gets overlooked: updating records retention policies. Without a solid retention framework, AI deployments can lead to compliance failures, privacy violations, and regulatory penalties. Recent guidance from the International Association of Privacy Professionals (IAPP) underscores this point—records retention should be a prerequisite, not an afterthought. ...

OpenAI’s New Privacy Filter: How to Protect PII in Your Enterprise AI Usage If your organization uses OpenAI’s API or ChatGPT Enterprise, you may have missed a quiet but important update. Earlier this year, OpenAI released a privacy filter designed to automatically detect and remove personally identifiable information (PII) from data sent to their models. There was no splashy announcement—just a brief mention in the API documentation and some scattered reports from enterprise customers. ...