Archive for the ‘Compliance’ Category

There has been a lot of talk about the California Consumer Protection Act (CCPA) and how it will affect data security and privacy in California, and this talk has often overshadowed the attempts other States are making to protect consumer data. Nevada recently passed Senate Bill 220 (an Act relating to Internet privacy), which requires organizations in Nevada that store, process or maintain data to comply on or before October …

With the one-year anniversary of the General Data Protection Regulation (GDPR) just passed, it’s interesting to see whether the climate of fear, uncertainty and doubt that pervaded the cybersecurity ecosystem was justified. Serious questions were being asked about whether companies could get themselves ready for the compliance mandate, and whether business-crippling fines would be handed out to those who couldn’t. For a closer look at how the current compliance landscape …

Today (May 25, 2019) marks the one-year anniversary of the European Union’s General Data Protection Regulation coming into effect. Now seems as good a time as any to take stock and assess what the GDPR has taught us. Have companies embraced stricter data protection laws? Do companies know exactly what is required of them to stay compliant? Have Data Protection Authorities (DPAs) been putting their foot down when it comes …

Approximately one year ago, the General Data Protection Regulation (GDPR) came into effect, and it has arguably made a significant impact on organizations across all sectors. Since 25 May 2018, a total of €55.96m in fines has been issued under the GDPR. To be fair, most of this sum was accumulated by Google. Google was fined €50m by the French data regulator for “failing to provide users with transparent and understandable information …

It is estimated that a HIPAA violation on average will cost an organization around $1.1 million in settlement fees. That’s before the loss in revenue that accompanies a data breach, as well as the costs of breach notifications, forensics, lawsuits and other key implications. The more accurate figure when all that is taken into consideration is closer to $8 million. Can your organization afford to not be HIPAA compliant? What …

Back in 2009, the Health Insurance Portability and Accountability Act (HIPAA) was combined (or updated) with the Health Information Technology for Economic and Clinical Health Act (HITECH) to increase its strictness in line with social and technological advances. Despite this, many still claim that HIPAA does not go far enough to secure patient data, and the increasing regularity with which we see data breaches in the healthcare industry seems to …

Data security and data privacy regulations are increasing in number, strictness and complexity year upon year. For many governing bodies, the necessity for data protection and the privacy of the individual is a major priority. Any organization that deals with sensitive information (Personally Identifiable Information or other confidential data) is likely to fall under one or more of these regulations. Midway through last year, on 25 May 2018, the …

Over the last year we have seen a dramatic rise in the number of data breaches being reported to the ICO under the General Data Protection Regulation (GDPR). Since the GDPR took effect in May 2018, it seems that awareness of cybersecurity issues and of the obligations organizations have to report breaches has increased. We can see that this increase is reflected in the statistics. The Irish Data Protection Commission …

A recent Forrester report titled “Security Through Simplicity” surveyed 481 IT security decision makers regarding their GDPR readiness. Surprisingly, according to the study, most of the organizations surveyed had not carried out fundamental steps towards GDPR compliance. A small caveat here: the December study was commissioned in August but wasn’t completed until September – well after the GDPR had come into force on May 25th. There are no excuses as …

The “Right to be Forgotten” (RTBF) may be a much talked about feature of the EU General Data Protection Regulation (GDPR), but it actually existed long before this regulation came into being. Essentially, the RTBF acts as a set of rights given to the consumer regarding how their personal data is being held by an organization (“controller”). Consumers can ask controllers for their data to be removed, and the controller …