9 U.S. States Pass New or Expanded Data Breach Laws

In the absence of federal action, states have been actively passing new and expanded requirements for privacy and cybersecurity. While laws like the California Consumer Privacy Act (CCPA) are getting all the attention, many states are actively amending their breach...
NIST CSF – Part 3 – Detect

The NIST Cyber Security Framework (NIST CSF) is the result of a February 2013 Executive Order titled “Improving Critical Infrastructure Cybersecurity” and 10 months of collaborative discussions with more than 3,000 security professionals. It comprises a risk-based...
Where are your data protection blindspots?

Data security and privacy were named as top issues for 2019. Data loss prevention requires a comprehensive strategy to identify, protect and monitor sensitive information. As most organizations do not fully know what data they have stored (often over many years and...
SOC2 for Small Businesses

More and more we see small businesses being asked by their clients for some sort of assurance that the data shared with them is kept secure and private. Many times a SOC 2 certification is being requested. If this happens to you (or your client), the question is...
National breach notification law would usurp patchwork of state laws

A bill is pending to amend the Gramm-Leach-Bliley Act (GLBA) to include a national data breach notification law that would supersede the various state laws that now apply to the financial sector. This initiative has the support of the American Bankers Association...
Help! I have data that falls under GDPR, do I have to appoint a DPO?

The new European Union General Data Protection Regulation (GDPR) has been widely publicized. There are many questions surrounding GDPR and frankly many misunderstandings. One that we hear quite often is that when an organization falls under the GDPR, you must appoint...