Archive for the ‘Compliance’ Category

Microsoft have secretly been collecting data on how people in the EU are using their Office products and sending it over to servers in the USA for storage, according to a report by the Dutch government. Even those with a rudimentary understanding of the GDPR can see that this is a flagrant breach of the regulation and could potentially lead to huge, multi-million-dollar fines. Basically, Microsoft were collecting diagnostic data …

It’s been almost five months since the GDPR came into force and, on the face of it, the world took notice and realized the importance of compliance. Regulatory bodies and governments even began to tighten their own data protection regulations in line with the new requirements, as the UK government did with the Data Protection Act. With the GDPR now in effect and up and running, you would expect data security …

Regardless of whether we are talking about GDPR, HIPAA, PCI-DSS or any other data protection regulation, they all require some form of data access governance (DAG) program. A DAG program is required to ensure that organizations know what data they store, and the reasons why they are storing it. They are required to know where their sensitive data is located, who has access to it, and the type of access they …

Complying with regulations is often perceived as a burdensome and costly endeavour. And in many ways, it is. But there are a number of reasons why complying with PCI-DSS can be a valuable asset to your business. Before we dive into the benefits, it is important to go through some of the basic PCI-DSS requirements. The requirements mandate that companies: install and maintain a firewall, not use any default passwords, …

So, it hasn’t been long since the introduction of the GDPR, and we’ve already seen the first high-profile breach of the new data protection laws with Dixons Carphone. The multi-billion-dollar organization revealed that it suffered a cyber-security breach involving the personal data of over a million customer records. The data included personally identifiable information (PII), including names, addresses and email addresses. The breach also related to PCI compliance as …

The Health Insurance Portability and Accountability Act (HIPAA) was first put in place in 1996 and developed to be the standard for ensuring the protection of sensitive patient data. It is divided into two separate rules that work in conjunction with each other to ensure maximum protection: the Security Rule and the Privacy Rule.

The Difference Between HIPAA Privacy and HIPAA Security

Both the HIPAA Privacy and Security Rules work …

We’ve all heard by now that the GDPR will bring in a revised set of data protection legislation that aims to modernize the way organizations store and process the data of EU citizens. Countless articles will tell you that non-compliance with the GDPR will likely result in crippling fines. However, much of this is fear-mongering, as the vast majority of people (even experts) simply cannot predict what will happen. They …

Even though the GDPR is almost upon us, there still seems to be a bit of confusion as to the rules of breach notification. How long do I have to report a breach? Who do I report a breach to? Do all data breaches need to be reported? It’s natural to have questions, and it’s natural not to want to read that outrageously long book of chapters and articles to find …

I think it’s fair to say that most organizations are still struggling to understand exactly what is required of them when it comes to GDPR preparations. There is a lot of misinformation out there surrounding this topic, and it can be easy to just ignore the mandate and keep your fingers crossed that it will all be OK. Obviously, this is not the way to go about it. We’ve had …

So, a bit of housekeeping first. The GDPR is the brand-new regulation that everyone has been talking about, but what actually is it? You’ve probably received numerous emails from organizations asking you for permission to continue storing your personal data, and that’s what it’s essentially all about. Companies interacting with people in the European Union will all have to pay attention to what they’re doing with their personal data and …