Compliance

How do you advise clients to navigate all these new cybersecurity laws that vary by jurisdiction?

in my personal opinion, potentially unconstitutional. 

The IRS has recently issued a regulation in response to the large number of data breaches surrounding taxpayers data. It lays out the basic necessary actions needed to take to protect your data.

It’s 2019, and we are connected to everything, creating massive amounts of data which has been rather enticing to cyber criminals.

California’s IoT Law is a first for the nation, but likely not the last of its kind. The State of California has taken a leadership role toward cybersecurity and protecting its residents’ personal information in particular.

New York has enacted the SHEILD Act to better protect residents of their private information against data breaches. The Act takes effect March 21st, 2020. Luckily, our VP of Compliance covers all the necessary topics in regards to this law. This month, we cover everything you need to know about this law and how to stay in compliance with it! 

This edition we answer:

• What does SHIELD stand for?
• What do I need to do to comply?
• What is considered "Personal Information"?
• What are "reasonable" data security requirements?
• Would the SHIELD Act include any exceptions for small businesses?
• What are the proposed penalties for noncompliance?
• How can DE help me stay in compliance?

In the beginning of the year, we came out with an article discussing GDPR- one year since passing. It was clear that GDPR wasn't something to be taken lightly as the fines stacked up for many companies. Now we have the visual proof. 

A big misunderstanding we see every day when working with clients is that security can be ensured by buying a device, or implementing a software, or changing one small thing. However, security is an ongoing process- it's an attitude. With constant threats emerging, IT security governance is imperative. Our VP of Compliance dedicates this edition to fully understanding IT Security Governance! 

A common question topic posed to me, the VP of Compliance, from both non-IT and IT professionals alike revolve around the concept of RPO and RTO with regards to Business Continuity Management.  Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are two of the most important parameters of a sound disaster recovery plan.

This month, I explain everything you need to know about RPO and RTO! 

Happy Birthday GDPR! On May 25^th, internationally we will be “celebrating” the first anniversary of the EU’s General Data Protection Regulation (GDPR). Nearly one year later, have the stricter rules really made a difference? Consumers are definitely seeing more pop-up privacy notices online, thanks to GDPR, but for now the astronomical fines the new regulations threatened have not yet surfaced.

Vendor Management Requirements in CyberSecurity Standards

Are you in control of third-party risk? Do you have a sound vendor management department? Do you audit your suppliers?