Archive for the ‘Compliance’ Category

The Family Educational Rights and Privacy Act of 1974 (FERPA) is a United States federal law that determines how educational information can be accessed. The law gives parents access to their child’s education records, and more control over how their data can be disclosed. In most cases, the school is required to obtain consent from the parents before disclosing their child’s information. FERPA only covers educational institutions that receive funds … Read more

Since the advent of the GDPR, a number of data protection laws have started to spring up that follow a similar theme. Of course, given that 4.1 billion records were breached during the first half of 2019, it was really just a matter of time until the authorities were forced to step up their game. On the 28th of June, 2018, we saw the California Consumer Privacy … Read more

The GDPR is an EU regulation that came into effect on 25 May 2018. The regulation aims to ensure that organizations have policies and procedures in place to protect the data of EU citizens. Below is a checklist that is designed to assist organizations in complying with the GDPR. 1. Awareness All employees, whether they are IT, executives, general administrators, consultants, sales and marketing executives, human resource managers, and … Read more

The California Consumer Privacy Act (CCPA) is a new data protection bill that will come into effect on the 1st of January 2020. The CCPA is designed to give Californian citizens more control over how their personal data is stored and processed. Under the CCPA, companies must demonstrate that they are able to identify, delete or quarantine personal data in a timely manner, as per the data subject’s request. Additionally, … Read more

With the introduction of the GDPR, Europe showed the world that it was taking data privacy and data security laws seriously. Whatever your opinions are on the effects of the GDPR and how GDPR breaches are being handled, it can’t be denied that the thinking behind it is rational. It was only a matter of time before other countries followed suit. In the USA, there is still yet to be … Read more

The International Organization for Standardization (ISO) is a non-governmental organization for setting proprietary, industrial and commercial standards. In the context of data security, ISO 27001 provides standards for developing and implementing information security policies and processes. Such standards are not enforced, but instead provide a framework to help organizations satisfy the relevant compliance requirements. It is a good idea for businesses to be ISO 27001 certified because it will improve … Read more

Since the GDPR was introduced in May 2018, the EU’s supervisory authorities have issued over €370 million in fines, although some of these fines are still pending. British Airways has been issued a record fine amounting to £183m (approximately 1.5% of global annual turnover) in relation to a data breach that was first disclosed on 6 September 2018. The breach resulted in the exposure of approximately 500,000 customer records, which … Read more

As organizations store increasingly more data and IT environments become increasingly more complex, the challenges faced by IT managers can become overwhelming, to the point where many are experiencing high levels of stress. With the average cost of a data breach at around $4m, not to mention the potentially irreparable damage that could be done to the organization’s reputation, there’s really no margin for error. So how can IT managers … Read more

The Gramm-Leach-Bliley Act (GLBA) is a law that applies to financial institutions in the United States. It is designed to protect sensitive data such as names, addresses, credit histories, and so on. When we think of financial institutions, we tend to imagine large commercial banks; however, a “financial institution” can be any company that deals with loans, deposits, investments and currency exchange. As such, a financial institution could include payday … Read more

Any organization that has access to electronic Protected Health Information (ePHI) is required to comply with HIPAA (Health Insurance Portability and Accountability Act of 1996). Given that HIPAA applies to a wide range of covered entities and business associates, the requirements can be somewhat vague, which makes it difficult to know where to start. To help with this, below are 15 key questions that need to be answered, in order … Read more