Browsed by
Category: Compliance

Any blog around compliance

EU-US Privacy Shield Revoked: What This Means for EU-US Commercial Data Transfers

EU-US Privacy Shield Revoked: What This Means for EU-US Commercial Data Transfers

Europe’s top court, the Court of Justice of the European Union, recently struck down the EU-US data privacy arrangement known as Privacy Shield, which many organizations rely on when transferring data from the EU to the United States. Privacy Shield was enacted in 2016 to replace the Safe Harbor Privacy Principles, which was declared invalid by the same court in 2015. In addition to replacing Safe Harbor, it aimed to protect the fundamental rights of anyone in the EU whose…

Read More Read More

A Guide to California Consumer Privacy Act (CCPA) Compliance in 2020

A Guide to California Consumer Privacy Act (CCPA) Compliance in 2020

The California Consumer Privacy Act was signed into law in 2018 and went into effect on January 1st, 2020. With the EU’s GDPR paving the way, CCPA has a significant impact on how enterprises manage security and compliance for user data, as well as how data breaches are handled.  Simply put, the CCPA gives residents of the state of California greater control over their personal data, requiring companies to be more transparent about the data collected and stored about consumers. Businesses with practices in place to comply with GDPR are at an advantage, however, CCPA has…

Read More Read More

Sensitive Data Discovery for Compliance

Sensitive Data Discovery for Compliance

The industrial revolution began in the late 18th century and revolutionized the manufacturing process; in a similar manner, the digital revolution happening now is fundamentally changing the way that organizations conduct business. The Digital revolution is all about the digital transformation of how business is conducted in today’s connected world. By migrating data from paper archives to the digital world, businesses can now integrate and utilize relevant data in our day-to-day lives.  It has nothing to do with the evolution…

Read More Read More

Key Requirements of the NY SHIELD Act and How to be Compliant

Key Requirements of the NY SHIELD Act and How to be Compliant

As more and more attacks are occurring each year with a record 4.1 billion records breached in just the first half of 2019, according to Forbes– data security regulation is becoming more of a priority. Just as we suspected with the signing of the GDPR regulation in the EU, similar regulation has sprung up in the U.S with the CCPA on the west coast in California and most recently spreading to the east coast in New York with the signing…

Read More Read More

What is the California Consumer Privacy Act (CCPA)?

What is the California Consumer Privacy Act (CCPA)?

The EU GDPR took the world by storm, upping the compliance ‘ante’, causing other countries to follow suit in protecting consumer privacy. While the United States hasn’t implemented any federal regulation of this sort, many states have begun to implement their own regulations at the state level. For California, the clock has already begun ticking with the California Consumer Privacy Act (CCPA), a GDPR like regulation with a compliance timeline of January 1st, 2020.   The CCPA introduces sweeping legislation providing…

Read More Read More

What is the NYDFS Cybersecurity Regulation?

What is the NYDFS Cybersecurity Regulation?

The New York Department of Financial Services released the NYDFS Cybersecurity Regulation (23 NYCRR 500) in 2017, a set of regulations that place cybersecurity requirements on all DFS regulated entities. This regulation was put into effect at a time where cybersecurity threats are growing, with players coming from nation-states such as Russia, to independent criminal actors, or even terrorist organizations. The goal of this regulation is to not only protect customer information but to also protect a company’s own assets. …

Read More Read More

What is APRA’s CPS 234? Part 2

What is APRA’s CPS 234? Part 2

This is our second part of a two-part series regarding APRA’s new prudential standard of CPS 234 and how this can potentially impact an organisation. Part 1 focused primarily on the background of the CPS 234 and the beginning of the controls necessary to put in place to begin getting ready. Today we are going to talk about the additional steps necessary around risk management and some of the best practices to assist with that risk management in regards to…

Read More Read More

What is APRA’s CPS 234? Part 1

What is APRA’s CPS 234? Part 1

If you are located in Australia or do business in Australia, you may be an Australian Prudential Regulation Authority (APRA) regulated entity. If you are unsure, take a trip to APRA’s website and see whether it’s applicable to you or not. For the sake of this blog let’s say you are regulated or are just interested in what it means if you are. In that case, you may be subject to the new prudential standard of CPS 234. So, What…

Read More Read More

Office 365 Security and Compliance: Admin Guide to Creating Labels and DLP Policies

Office 365 Security and Compliance: Admin Guide to Creating Labels and DLP Policies

Data loss is defined as data that gets misplaced, removed without authorization, leaked outside of the organization or otherwise corrupted perhaps due to malware. Failure to prevent data from being ‘lost’ can result in hefty fines, especially for organizations that have to comply with the General Data Protection Regulations (GDPR) where they can be fined up to 20 million Euros, or 4% of annual, worldwide turnover. In this guide, I will show you how you can leverage Microsoft Office 365…

Read More Read More

Taking a Data Centric Audit and Protection (DCAP) Approach Avoids the Weaknesses of a Siloed Data Security Strategy

Taking a Data Centric Audit and Protection (DCAP) Approach Avoids the Weaknesses of a Siloed Data Security Strategy

Data Centric Audit and Protection (DCAP) is a term defined by Gartner back in 2017 in response to the weaknesses of the Data Security Governance practices at the time. At that time, data protection strategies focused on the security of the application, or storage system that contained the data. This focus led to a variety of technology-specific security tools which tended to be owned and managed by different teams within IT. This siloed approach to data security worked well as…

Read More Read More

Start a Free Stealthbits Trial!

No risk. No obligation.