Archive for the ‘Compliance’ Category

If your organization stores, processes or transfers the data of EU citizens (whether they are your customers or your employees) then the GDPR should be at the forefront of your mind. If you want to avoid the serious implications of non-compliance, including potentially crippling fines, then you need to get to grips with what the GDPR entails and how to ensure you are compliant. If your organization has typically had …

The California Consumer Privacy Act continues to evolve and is taking shape nicely with just five months to go until it becomes compulsory. The California State Senate recently voted on seven amendments to the Act, with most of them passing through without change. So, let’s go through what the Senate voted to include in the legislature. Assembly Bill 25: The amendment to this bill gives companies an extra year to …

A new bill recently passed by a Senate Committee incentivizes healthcare entities to adopt cybersecurity policies, thereby making it easier for authorities to enforce the Health Insurance Portability and Accountability Act (HIPAA). The piece of legislation has been introduced to help lower the cost of healthcare, but it touches upon healthcare in that it asks providers to focus on cybersecurity frameworks when designing their security policies. The Lower Health …

There has been a lot of talk about the California Consumer Protection Act (CCPA) and how it will affect data security and privacy in California, and this talk has often overshadowed the attempts other States are making to protect consumer data. Nevada recently passed Senate Bill 220 (an Act relating to Internet privacy) which requires organizations in Nevada that store, process or maintain data to comply on or before October …

With the one-year anniversary of the General Data Protection Regulation (GDPR) just passed, it’s interesting to see whether the climate of fear, uncertainty and doubt that pervaded the cybersecurity ecosystem was justified. Serious questions were being asked about whether companies could get themselves ready for the compliance mandate, and whether business-crippling fines would be handed out to those who couldn’t. For a closer look at how the current compliance landscape …

Today (May 25, 2019) marks the one-year anniversary of the European Union’s General Data Protection Regulation coming into effect. Now seems as good a time as any to take stock and assess what the GDPR has taught us. Have companies embraced stricter data protection laws? Do companies know exactly what is required of them to stay compliant? Have Data Protection Authorities (DPAs) been putting their foot down when it comes …

Approximately one year ago, the General Data Protection Regulation (GDPR) came into effect, and it has arguably made a significant impact on organizations across all sectors. Since 25 May 2018, the GDPR has issued a total of €55.96m in fines. To be fair, most of this sum was accumulated by Google. Google was fined €50m by the French data regulator for “failing to provide users with transparent and understandable information …

It is estimated that a HIPAA violation on average will cost an organization around $1.1 million in settlement fees. That’s before the loss in revenue that accompanies a data breach, as well as the costs of breach notifications, forensics, lawsuits and other key implications. The more accurate figure when all that is taken into consideration is closer to $8 million. Can your organization afford to not be HIPAA compliant? What …

Back in 2009, the Health Insurance Portability and Accountability Act (HIPAA) was combined (or updated) with the Health Information Technology for Economic and Clinical Health Act (HITECH) to increase its strictness in line with social and technological advances. Despite this, many still claim that HIPAA does not go far enough to secure patient data, and the increasing regularity with which we see data breaches in the healthcare industry seems to …

Data security and data privacy regulations are increasing in number, strictness and complexity year upon year. For many governing bodies, the necessity for data protection and the privacy of the individual is a major priority. Any organization that deals with sensitive information (Personally Identifiable Information or other confidential data) is likely to fall under one or more of these regulations. Midway through last year, on the 25th May 2018, the …