Thomson Reuters interviewed me for their new series on data privacy and the EU General Data Protection Regulation; here’s the audio!

What if you just said when you breach, the damages that you owe to the people whose data you breached cannot be limited to the immediate cognizable consequences of that one breach but instead has to take recognition of the fact that breaches are cumulative? That the data that you release might be merged with some other set that was previously released either...