The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) is a data privacy law that applies to “any person or business which owns or licenses computerized data which includes private information” of a resident of New York. The law, which came into effect on March 21, 2020, was designed to extend the existing NYDFS (NY State Information and Security Breach and Notification Act) by imposing more stringent data … Read more
What is the SHIELD Act: Tips for Achieving SHIELD Compliance
06.15.2021, Compliance, by
Philip Robinson.
The Graham-Leach-Bliley Act (GLBA), also known as the ‘Financial Modernization Act,’ is a United States law that was passed to ensure that financial institutions obtain consent from their data subjects before sharing their non-public personal information (NPI). Before collecting information about an individual, financial institutions must explain to their customers how they plan to use and share their information. They must also implement the necessary procedural and technical safeguards to … Read more
In accordance with the HIPAA Breach Notification Rule, covered entities are required to notify patients (and the relevant authorities) when their protected heath information (PHI) has been compromised in such a way that puts their privacy at stake. If a patient’s PHI is used or disclosed in an impermissible manner it is presumed to have been breached, unless the covered entity is able to demonstrate that there is a … Read more
Understanding the HIPAA Minimum Necessary Standard
05.10.2021, Compliance, Data Security, by Philip Robinson.
Those familiar with data security best practices will have heard of the “principle of least privilege”, which is where employees and relevant stakeholders are granted the least access privileges they need to carry out their role. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has adopted a similar principle known as “The HIPAA Minimum Necessary Standard”, which is an integral part of The HIPAA Security Rule. The … Read more
On the 1st of October, 2025, the Cybersecurity Maturity Model Certification (CMMC) will come into effect. CMMC is a cybersecurity framework that is being developed by The United States Department of Defense (DoD). What is CMMC Compliance? The purpose of CMMC is to standardize cybersecurity practices across the federal government’s defense industrial base (DIB), and to ensure that organizations who handle Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) … Read more
What is ISO 27001? The International Organization for Standardization (ISO) consists of representatives from various national standards organizations. With the exception of acronyms, they develop and publish international standards for pretty much everything. ISO 27001 is the international standard for information security management systems (ISMS). Who does ISO 27001 apply to? One might assume that it only applies to IT companies, such as software companies and cloud service providers. However, … Read more
What is GLBA Compliance? The Gramm-Leach-Billey Act of 2019
10.07.2020, Compliance, by Philip Robinson.
The Gramm-Leach-Billey Act of 2019 (GLBA), is a federal law in the United States of America that has been constructed to improve visibility over how financial organizations share and protect customer information. It is sometimes known as the Financial Modernization Act of 2019. In short, to be GLBA compliant, financial organizations have to be more transparent with their customers about how they are sharing their sensitive information, ensure that customers … Read more
The Sarbanes-Oxley Act of 2002 was passed by the United States Congress with the goal of providing security for consumers and the general public against corporations acting maliciously or carelessly. The general requirements of SOX compliance are geared towards ensuring that companies are transparent when it comes to financial reporting and that there are more official rules in place to prevent fraud. Adhering to SOX compliance requirements is not only … Read more
13 Compliance Requirements for Criminal Justice Information Services (CJIS)
04.21.2020, Compliance, by
Josh Van Cott.
The Criminal Justice Information Services (CJIS) is the largest division of the United States Federal Bureau of Investigation (FBI), and is comprised of several departments, including the National Crime Information Center (NCIC), Integrated Automated Fingerprint Identification System (IAFIS) and the National Instant Criminal Background Check System (NICS). CJIS provides law enforcement agencies across the United States with a centralized source of criminal justice information (CJI), which can be used to … Read more
The Family Educational Rights and Privacy Act of 1974 (FERPA) is a United States federal law that determines how educational information can be accessed. The law give parents access to their child’s education records, and more control over how their data can be disclosed. In most cases, the school is required to obtain consent from the parents before disclosing their child’s information. FERPA only covers educational institutions that receive funds … Read more
