Data Security & Compliance Blog

The Gramm-Leach-Billey Act of 2019 (GLBA), is a federal law in the United States of America that has been constructed to improve visibility over how financial organizations share and protect customer information. It is sometimes known as the Financial Modernization Act of 2019. In short, to be GLBA compliant, financial organizations have to be more transparent with their customers about how they are sharing their sensitive information, ensure that customers … Read more

The Sarbanes-Oxley Act of 2002 was passed by the United States Congress with the goal of providing security for consumers and the general public against corporations acting maliciously or carelessly. The general requirements of SOX compliance are geared towards ensuring that companies are transparent when it comes to financial reporting and that there are more official rules in place to prevent fraud. Adhering to SOX compliance requirements is not only … Read more

The Criminal Justice Information Services (CJIS) is the largest division of the United States Federal Bureau of Investigation (FBI), and is comprised of several departments, including the National Crime Information Center (NCIC), Integrated Automated Fingerprint Identification System (IAFIS) and the National Instant Criminal Background Check System (NICS). CJIS provides law enforcement agencies across the United States with a centralized source of criminal justice information (CJI), which can be used to … Read more

The Family Educational Rights and Privacy Act of 1974 (FERPA) is a United States federal law that determines how educational information can be accessed. The law give parents access to their child’s education records, and more control over how their data can be disclosed. In most cases, the school is required to obtain consent from the parents before disclosing their child’s information. FERPA only covers educational institutions that receive funds … Read more

Since the advent of the GDPR, a number of data protections laws have started to spring up that are following a similar type of theme. Of course, given that 4.1 billion records were breached during the first half of 2019, it was really just a matter of time until the authorities were forced to step up their game. On the 28th of June, 2018, we saw the California Consumer Privacy … Read more

The GDPR is an EU regulation that came into effect on 25 May 2018. The directive aims to ensure that organizations have policies and procedures put in place to protect the data of EU citizens. Below is a checklist that is designed to assist organizations in complying with the GDPR. 1. Awareness All employees, whether they are IT, executives, general administrators, consultants, sales and marketing executives, human resource managers, and … Read more

The California Consumer Privacy Act (CCPA) is a new data protection bill that will come into effect on the 1st of January 2020. The CCPA is designed to give Californian citizens more control over how their personal data is stored and processed. Under the CCPA, companies must demonstrate that they are able to identify, delete or quarantine personal data in a timely manner, as per the data subjects request. Additionally, … Read more

With the introduction of the GDPR, Europe showed the world that it was taking data privacy and data security laws seriously. Whatever your opinions are on the effects of the GDPR and how GDPR breaches are being handled, it can’t be denied that the thinking behind it is rational. It was only a matter of time before other countries followed suit. In the USA, there is still yet to be … Read more

The International Organization for Standardization (ISO) is a non-governmental organization for setting proprietary, industrial and commercial standards. In the context of data security, ISO 27001 provides standards for developing and implementing information security policies and processes. Such standards are not enforced, but instead provide a framework to help organizations satisfy the relevant compliance requirements. It is a good idea for businesses to be ISO 27001 certified because it will improve … Read more

Since the GDPR was introduced in May 2018, the EU’s supervisory authorities have issued over €370 million in fines, although some of these fines are still pending. British Airways has been issued a record fine amounting to £183m (approximately 1.5% of global annual turnover) in relation to a data breach that was first disclosed on 6 September 2018. The breach resulted in the exposure of approximately 500,000 customer records, which … Read more