regulation
Data breach reports delayed as organizations struggle to achieve GDPR compliance
Businesses routinely delayed data breach disclosure and failed to provide important details to the ICO in the year prior to the GDPR’s enactment. On average, businesses waited …
Is 2019 the year national privacy law is established in the US?
Data breaches and privacy violations are now commonplace. Unfortunately, the consequences for US companies involved can be complicated. A company’s obligation to a person …
8 months of GDPR: 59,000+ reported breaches, 91 fines
A little over eight months have passed since the EU General Data Protection Regulation (GDPR) became enforceable, but it’s becoming clear that sweeping data breaches …
Four differences between the GDPR and the CCPA
By passing the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020, the Golden State is taking a major step in the protection of consumer data. …
Debunking conventional wisdom to get out of the security and privacy rut
Given the unprecedented rate of technological change, the dizzying news cycle, and an always-on social media mentality, it may be surprising to learn that when it comes to …
Industry reactions to Google’s €50 million GDPR violation fine
On 21 January 2019, the French National Data Protection Commission (CNIL) imposed a financial penalty of €50 million against Google, in accordance with the GDPR. This is the …
New requirements for the secure design and development of modern payment software
The PCI Security Standards Council (PCI SSC) published new requirements for the secure design and development of modern payment software. The PCI Secure Software Standard and …
GDPR: Five tips for organizations to remain compliant
For the majority of UK businesses, a huge amount of time and resource was invested to become GDPR compliant in time for the May 2018 deadline. The cost of implementing GDPR …
Measuring privacy operations: Use of technology on the rise
Critical privacy program activities such as creating data inventories, conducting data protection impact assessments (DPIA), and managing data subject access rights requests …
Why compliance is never enough
Organizations are well aware of the security risks inherent in our hyper-connected world. However, many are making the mistake of focusing their attention on being compliant …
Privacy laws do not understand human error
In a world of increasingly punitive regulations like GDPR, the combination of unstructured data and human error represents one of the greatest risks an organization faces. …
Implications of the NIS Directive for the industrial sector
On July 6, 2018 the NIS (Network and Information System) Directive was enacted as the first EU-wide legislation that provides measures to boost security across the region. …