Data Security & Compliance Blog

On the 1st of October, 2025, the Cybersecurity Maturity Model Certification (CMMC) will come into effect. CMMC is a cybersecurity framework that is being developed by The United States Department of Defense (DoD). What is CMMC Compliance? The purpose of CMMC is to standardize cybersecurity practices across the federal government’s defense industrial base (DIB), and to ensure that organizations who handle Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) … Read more

What is ISO 27001? The International Organization for Standardization (ISO) consists of representatives from various national standards organizations. With the exception of acronyms, they develop and publish international standards for pretty much everything. ISO 27001 is the international standard for information security management systems (ISMS). Who does ISO 27001 apply to? One might assume that it only applies to IT companies, such as software companies and cloud service providers. However, … Read more

The Gramm-Leach-Billey Act of 2019 (GLBA), is a federal law in the United States of America that has been constructed to improve visibility over how financial organizations share and protect customer information. It is sometimes known as the Financial Modernization Act of 2019. In short, to be GLBA compliant, financial organizations have to be more transparent with their customers about how they are sharing their sensitive information, ensure that customers … Read more

The Sarbanes-Oxley Act of 2002 was passed by the United States Congress with the goal of providing security for consumers and the general public against corporations acting maliciously or carelessly. The general requirements of SOX compliance are geared towards ensuring that companies are transparent when it comes to financial reporting and that there are more official rules in place to prevent fraud. Adhering to SOX compliance requirements is not only … Read more

The Criminal Justice Information Services (CJIS) is the largest division of the United States Federal Bureau of Investigation (FBI), and is comprised of several departments, including the National Crime Information Center (NCIC), Integrated Automated Fingerprint Identification System (IAFIS) and the National Instant Criminal Background Check System (NICS). CJIS provides law enforcement agencies across the United States with a centralized source of criminal justice information (CJI), which can be used to … Read more

The Family Educational Rights and Privacy Act of 1974 (FERPA) is a United States federal law that determines how educational information can be accessed. The law give parents access to their child’s education records, and more control over how their data can be disclosed. In most cases, the school is required to obtain consent from the parents before disclosing their child’s information. FERPA only covers educational institutions that receive funds … Read more

Since the advent of the GDPR, a number of data protections laws have started to spring up that are following a similar type of theme. Of course, given that 4.1 billion records were breached during the first half of 2019, it was really just a matter of time until the authorities were forced to step up their game. On the 28th of June, 2018, we saw the California Consumer Privacy … Read more

The GDPR is an EU regulation that came into effect on 25 May 2018. The directive aims to ensure that organizations have policies and procedures put in place to protect the data of EU citizens. Below is a checklist that is designed to assist organizations in complying with the GDPR. 1. Awareness All employees, whether they are IT, executives, general administrators, consultants, sales and marketing executives, human resource managers, and … Read more

The California Consumer Privacy Act (CCPA) is a new data protection bill that will come into effect on the 1st of January 2020. The CCPA is designed to give Californian citizens more control over how their personal data is stored and processed. Under the CCPA, companies must demonstrate that they are able to identify, delete or quarantine personal data in a timely manner, as per the data subjects request. Additionally, … Read more

With the introduction of the GDPR, Europe showed the world that it was taking data privacy and data security laws seriously. Whatever your opinions are on the effects of the GDPR and how GDPR breaches are being handled, it can’t be denied that the thinking behind it is rational. It was only a matter of time before other countries followed suit. In the USA, there is still yet to be … Read more