The New York State Department of Financial Services’ (DFS) mandatory cybersecurity requirements for financial services entities became effective on March 1st, 2017, with a two-year implementation period. The regulation requires all DFS regulated entities, subject to certain exemptions, to adopt the core requirements of a cybersecurity program. The final effective date for the regulation will be March 1, 2019, by which time, under section 500.11, DFS regulated entities are required to have written policies and procedures that are based on a risk assessment to ensure the security of nonpublic information and information systems that are accessed or held by third party service providers.
DFS has announced the dates by which all regulated entities and licensed persons must file various notices with the Superintendent, the final one being next month, February 15th, 2019.
For over 2 years, Digital Edge has been working with the Panama Maritime Authority, developing and establishing a digitized platform. The project has proven to be very successful, making it easier to operate and administer the annual safety inspections of all its registered vessels.
IT Compliance vs. IT Security: “What’s the difference?”
Without a doubt, 2018 has become the year of IT Compliance. With so many new laws becoming effective, including the EU’s GDPR, California’s Data Privacy Law, and Canada’s PIPEDA, the line between security and compliance may seem easily blurred for IT professionals. So, the question becomes: How do we produce a comprehensive security program while ensuring that we meet compliance obligations? However, there is one problem that surfaces repeatedly, regardless of which regulatory standard (e.g., PCI, HIPAA, etc.) your company must meet, and that is failing to understand the difference between compliance and security. Sometimes organizations think that these are one and the same, to the point that they become so consumed by complicated regulations that they stop focusing on security altogether. This month's edition of Ask Our VP of Compliance will address the differences between IT Compliance and IT Security:
Marriott International, a large American hotel chain, recently suffered one of the largest breaches in history. This breach may have been prevented with a proper implementation of a cybersecurity system. Cybersecurity defenses protect against major attacks, ensuring no data loss. Implementing a cybersecurity system isn’t free, but the price of handling an attack is much greater.
This November, a new Canadian Data Privacy Law went into effect, called PIPEDA (the Personal Information Protection and Electronic Documents Act).
PIPEDA is similar to other privacy laws in that organizations "must obtain an individual’s consent when they collect, use or disclose that individual’s personal information. People have the right to access their personal information held by an organization. They also have the right to challenge its accuracy." Personal information (including identifiers such as name and age, medical records, financial data and even opinions and evaluations) that is collected under a commercial activity (business transactions, fundraising activities or memberships, for example) falls under PIPEDA protection. Personal information collected for government or by an employer is not covered.
Penalties are much lighter for PIPEDA than for other privacy regulations. Data breaches are to be reported to the Office of the Privacy Commissioner (OPC). Failing to report a breach to both the OPC and the affected customers, or failing to keep a record of all data breaches, can cost organizations fines of as much as $100,000. One thing that makes PIPEDA stand out from other privacy regulations with a national or global scope is that it may not cover all of Canada.
It is important to note that organizations that already meet the standards of GDPR and any U.S. laws are considered to be compliant with PIPEDA.
With the Thanksgiving 2018 season upon us, this article will focus on one predominant question: “What is our VP of Compliance Thankful for This Year?”
Sometimes it’s easier to focus on what we don’t have, rather than what we do have. It’s important to take time out and remember all the things to be thankful for that many of us take for granted. This year, I am thankful for:
On May 25th of 2018, GDPR became effective, imposing on organizations around the world a demanding standard for data protection and the privacy rights of individuals. Privacy International (PI), a charity that defends and promotes the right to privacy, accused seven firms of “disregarding data protection principles, including purpose limitation, data minimization and data accuracy”.
To help other firms avoid being in the same situation, Digital Edge would like to state some general reminders about the law.
Digital Edge started hosting an Annual Client Appreciation Concert to show our love and support for the arts community. This being the first event, it had a great turnout!
You have your corporate email defenses lined up. Whether you are using an out-of-the-box product such as Microsoft O365 or something more sophisticated like ProofPoint, here is what you need to know.
Although you might be as safe and secure as possible, you should still be aware of the vulnerabilities that exist and can affect you.
Unless users are restricted from using mobile email apps, there is nothing that can protect you. This risk extends even to disclosure of your corporate authentication.
Cyber security is the protection of systems, networks and data from attack. Cyber security audits examine the threats, vulnerabilities and risks facing your organization and address how to mitigate these risks. When assessing your cyber security there are three key areas to take into account: people, processes and technology. Thorough audits should be performed regularly, not only to protect your organization but also to comply with legislation regarding protection of personal data. Digital Edge's VP of Compliance answers the most important questions regarding audits: