Data Security & Compliance Blog

The International Organization for Standardization (ISO) is a non-governmental organization for setting proprietary, industrial and commercial standards. In the context of data security, ISO 27001 provides standards for developing and implementing information security policies and processes. Such standards are not enforced, but instead provide a framework to help organizations satisfy the relevant compliance requirements. It is a good idea for businesses to be ISO 27001 certified because it will improve … Read more

Since the GDPR was introduced in May 2018, the EU’s supervisory authorities have issued over €370 million in fines, although some of these fines are still pending. British Airways has been issued a record fine amounting to £183m (approximately 1.5% of global annual turnover) in relation to a data breach that was first disclosed on 6 September 2018. The breach resulted in the exposure of approximately 500,000 customer records, which … Read more

As organizations store increasingly more data and IT environments become increasingly more complex, the challenges faced by IT managers can become overwhelming, to the point where many are experiencing high levels of stress. With the average cost of a data breach at around $4m, not to mention the potentially irreparable damage that could be done to the organization’s reputation, there’s really no margin for error. So how can IT managers … Read more

The Gramm-Leach-Bliley Act (GLBA) is a law that applies to financial institutions in the United States. It is designed to protect sensitive data such as names, addresses, credit histories, and so on. When we think of financial institutions, we tend to imagine large commercial banks, however, a “financial institution” can be any company that deals with loans, deposits, investments and currency exchange. As such, a financial institution could include payday … Read more

Any organization that has access to electronic Protected Health Information (ePHI) is required to comply with HIPAA (Health Insurance Portability and Accountability Act of 1996). Given that HIPAA applies to a wide range of covered entities and business associates, the requirements can be somewhat vague, which makes it difficult to know where to start. To help with this, below are 15 key questions that need to be answered, in order … Read more

If your organization stores, processes or transfers the data of EU citizens (whether they are your customers or your employees) then the GDPR should be at the forefront of your mind. If you want to avoid the serious implications of non-compliance, including potentially crippling fines, then you need to get to grips with what the GDPR entails and how to ensure you are compliant. If your organization has typically had … Read more

The California Consumer Privacy Act continues to evolve and is taking shape nicely with just five months to go until it becomes compulsory. The California State Senate recently voted on seven amendments to the Act, with most of them passing through without change. So, let’s go through what the Senate voted to include in the legislature. Assembly Bill 25 The amendment to this bill gives companies an extra year to … Read more

A new bill recently passed by a Senate Committee incentivizes healthcare entities to adopt cybersecurity policies, and therefore making it easier for authorities to enforce the Health Insurance Portability and Accountability Act (HIPAA). The piece of legislation has been introduced to help lower the cost of healthcare, but it touches upon healthcare in that it asks providers to focus on cybersecurity frameworks when designing their security policies. The Lower Health … Read more

There has been a lot of talk about the California Consumer Protection Act (CCPA) and how it will affect data security and privacy in California, and this talk has often overshadowed the attempts other States are making to protect consumer data. Nevada recently passed Senate Bill 220 (an Act relating to Internet privacy) which requires organizations in Nevada that store, process or maintain data to comply on or before October … Read more

With the one-year anniversary of the General Data Protection Regulation (GDPR) just passed, it’s interesting to see whether the climate of fear, uncertainly and doubt that pervaded the cybersecurity ecosystem was justified. Serious questions were being asked about whether companies could get themselves ready for the compliance mandate, and whether business-crippling fines would be handed out to those who couldn’t. For a closer look at how the current compliance landscape … Read more