It is impossible for privacy professionals using manual, survey-based approaches to stay on top of an environment of ever-changing data and these days, the CTO is increasingly being tasked with operationalizing their companies’ data privacy solution. Kristina Bergman, CEO and co-founder of Integris Software, outlines four recommendations for CTOs when it comes to Data Privacy Automation.
As more people bring their own devices to work (BYOD), companies embracing blockchain can ensure that the infrastructure is secure and their employees are accommodated. Alistair Johnson, founder & CEO of Nuggets, explains how this new technology accommodates a fresh understanding of work and the technological peculiarities that come with it.
With the GDPR now in effect, businesses across Europe are adjusting to a new regulatory environment. David McLeod of activpayroll examines the GDPR's impact on the payroll landscape, and how employers might boost their compliance performance.
If signed by Governor Brown on September 30th, California’s "SB-327 Information privacy: connected devices” bill – the first to establish regulation around IoT – will require connected devices sold or offered for sale in California to have “reasonable security features appropriate to the nature of the device”. Although the bill is a good start, Aaron Guzman, Head of Automotive & IoT at Aon, outlines what an even better approach might be.
99% of successful attacks involve vulnerabilities that have been known to cybersecurity professionals for at least one year. Nollaig Heffernan describes the issues that exist today with applying software patches, primarily at the application layer, and advises on how to mange the patching effort and where priorities should lie for organizations.
We kicked off 2017 with a lot of excitement around a nasty set of SMB vulnerabilities which led to the devastatingly successful WannaCry and NotPetya attacks, and 2018 started off with a similar level of excitement concerning the Spectre and Meltdown vulnerabilities. Ivanti’s Chris Goettl discusses which trends have surfaced and what to watch for during the rest of the year.
GDPR is now the standard industry best-practice, so if you are not taking the steps outlined in this regulation, your data protection approach will be viewed as out-of-date, incomplete, and possibly negligent. In our global, digital village, you need to incorporate standards from around the world into your information security systems.
When the European Union’s General Data Protection Regulations (GDPR) becomes enforceable, many firms in the US will still not prepared to meet the needs of the regulation come May 25, 2018 – but the penalties for non-compliance are significant for businesses.
Welcome to the last of our three-part GDPR series. In this post we’ll dive deeper into a few more key concepts, like individual rights, data controllers vs. data processors (and how you can determine which one you are), and the new 72-hour rule for data breach reporting.
On May 25, 2016, the GDPR (General Data Protection Regulation) became law in 28 European countries, marking the arrival of the biggest piece of legislation ever created on a Global scale. We are now rapidly approaching the date when enforcement of the new law will commence in 2018. The most important and significant thing to remember about the regulation is its global scope — this means that wherever you are in the world, if you hold or process personal data of Europeans, then you and your company must comply.
In Part One of our three-part series, we started with a basic overview of who GDPR applies to and the definition of personal data under GDPR. Here in Part Two we will discuss key elements such as consent and online data technologies, privacy notices and cross border transfers. Part Three will dive into understanding individual rights and the obligations of a data controller and data processor.
We’re living in a new era of cyber-threats - and governments have started to take notice. To protect the information of their citizens, they’re implementing new regulations that hit businesses where it really hurts. Here’s what you need to know.
GDPR is a complex regulation comprised of 99 articles. In this 3 part series, we’ll break down the components of GDPR starting with an overview of the regulation and why you need to start preparing now. Part 2 will discuss some of the key elements including obtaining valid consent, online data technologies, privacy notices and cross border transfer. Part 3 will dive deeper into understanding the obligations of a Data Controller and Data Processors, individual rights, and the 72 hour data breach notification requirement.
Preparing for the GDPR leads to many questions for compliance teams, like, can we identify and monitor all websites collecting PII on behalf of our company? Are those collection points secure? Are they accompanied by compliance statements and controls? RiskIQ explores these potential issues and offers tips on how to address them.
Equifax took 40 days to report its breach, which is arguably morally incorrect and unacceptable in today's world. The EU GDPR has a 72-hour breach notification rule. Following the GDPR's example, we recommend a more unified approach.
Reports of the death of File Transfer Protocol (FTP) have circulated ever since Debian Project announced it was sunsetting the popular and long-lived protocol on November 1 later this year. Don't believe it.
Familiar with the ‘General Data Protection Regulation' (GDPR) but not exactly sure what it entails? This piece explains that the GDPR is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU).