Data Security & Compliance Blog

On April 28, 2022, the Connecticut General Assembly passed a new data privacy law called Senate Bill 6 (SB 6), which should come into effect on July 1, 2023. The new law is said to share similarities with the Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (CDPA), and Utah Consumer Privacy Act (UCPA). Who Does SB 6 Apply to SB 6 applies to all individuals and organizations in … Read more

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards that are designed to ensure that companies who collect and store payment card information (PCI) are able to do so in a secure manner. Best Practices for PCI Compliance PCI compliance is not a one-time event, but rather an ongoing process, which must be frequently reviewed and updated. Below are some of the best practices to … Read more

Cybersecurity continues to be a big concern for healthcare professionals. The growth of data breaches and cybersecurity attacks suggests that CISOs in the organizations should not hesitate to perform HIPAA security risk assessments and reevaluate their security reinforcements HIPAA is the Health Insurance Portability and Accountability Act of 1996. It is U.S. legislation created to improve healthcare standards. HIPAA sets the standards that protect sensitive patient data. HIPAA has a … Read more

The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule was first promulgated in 2002 and was designed to ensure that financial institutions have measures in place to keep customer information secure. On October 27, 2021, the Federal Trade Commission (FTC) announced a number of important changes to the Safeguards Rule, which came into effect on January 10, 2022. The main purpose of these changes is to ensure that any non-bank financial institutions (or … Read more

In accordance with HIPAA’s Privacy Rule and Security Rule, covered entities are required to have physical, administrative, and technical safeguards in place when sharing Protected Health Information (PHI). This includes ensuring that all PHI is encrypted to industry-grade standard, both at rest and in transit. Below is a more detailed description of the safeguards that must be in place for a covered entity to remain compliant with HIPAA, and how … Read more

As the acronym would suggest, the Payment Card Industry Data Security Standard (PCI DSS) is a set of global security standards for the payment card industry, which is maintained by the PCI Security Standards Council (PCI SSC). There are 12 core requirements for any complete PCI DSS checklist, which we have simplified into 9 steps you need to take. Need for PCI Compliance The PCI compliance was first introduced in … Read more

The Texas Medical Records Privacy Act (TMRPA), or the “Texas privacy act”, came into effect on September 1, 2019. The Texas privacy act is said to be similar to the Health Insurance Portability and Accountability Act (HIPAA), in that it was introduced to safeguard Protected Health Information (PHI), which relates to the “past, present or future health of an individual; the provision of healthcare to an individual; or the payment … Read more

The California Privacy Rights Act (CPRA) is a data privacy law that is designed to enhance the existing CCPA (California Consumer Privacy Act). The CPRA will come into effect on January 1, 2023, and applies to any business that collects personal information belonging to Californian residents. The CPRA also applies to businesses that buy, sell or share the personal information of 100,000 or more consumers or households in a year, … Read more

The Information Transparency and Personal Data Control Act (ITPDCA) was introduced on March 10, 2021, and has been hailed as “the first piece of comprehensive privacy legislation introduced in the 117th U.S. Congress.” Many see the ITPDCA as a step towards a new US data privacy environment. The purpose of the bill was to “establish a uniform set of rights for consumers and create one set of rules for businesses … Read more

One of the key differences between the GDPR, launched in May 2018, and the original Data Protection Directive (DPD) which was enacted in 1995, was the introduction of two specific roles: data controllers and data processors – both of whom have unique legal obligations. The reason why these roles were introduced was to close a loophole that allowed covered entities to essentially “pass the buck” when it came to safeguarding … Read more