icon

Compliance

12/19/2018 Compliance

Ask Our VP of Compliance: December 2018

IT Compliance vs. IT Security : “What’s the difference?”

It is without a doubt that 2018 has become the year of IT Compliance. With so many new laws becoming effective, including EU’S GDPR, California’s Data Privacy Law, and Canada’s PIPEDA, the line between security and compliance may seem easily blurred for IT professionals. So, the question becomes: How do we produce a comprehensive security program, while ensuring that we meet compliance obligations? However, there is one problem that surfaces repeatedly, regardless of which regulatory standard (e.g., PCI, HIPAA, etc.) your company must meet, and that is failing to understand the difference between compliance and security. Sometimes organizations think that these are one and the same to the point that they become so consumed by complicated regulations that they stop focusing on security altogether. This month's edition of Ask Our VP of Compliance will address the differences between IT Compliance and IT Security:

  • IT Security: Explained
  • IT Compliance: Explained
  • What Are the Differences? And Why are Both Necessary?
  • How do IT Compliance Management and IT Security Management Integrate?
  • Becoming COMPLIANT and SECURE
12/3/2018 Compliance

Canadian Data Privacy Law: PIPEDA

This November, a new Canadian Data Privacy Law went into effect, called PIPEDA. (The Personal Information Protection and Electronic Documents Act).

 

PIPEDA is similar to other privacy laws in that organizations "must obtain an individual’s consent when they collect, use or disclose that individual’s personal information. People have the right to access their personal information held by an organization. They also have the right to challenge its accuracy." Personal information—including identifiers such as name and age, medical records, financial data and even opinions and evaluations—that is collected under a commercial activity (business transactions, fundraising activities or memberships, for example) falls under PIPEDA protection. Personal information collected for government or by an employer are not covered.

 

Penalties are much lighter for PIPEDA than other privacy regulations. Data breaches are to be reported to the Office of the Privacy Commissioner (OPC). Failure to report a breach to both the OPC and to the affected customers or no record of total data breaches is kept can cost organizations fines as much as $100,000. One thing that makes PIPEDA stand out from other privacy regulations with a national or global scope is that it may not cover all of Canada.

 

It is important to note, that organizations that already meet the standards of GDPR and any U.S. laws are considered to be compliant with PIPEDA.

 

For more information, click here!

11/19/2018 Compliance

Ask Our VP of Compliance: November 2018

With Thanksgiving 2018 season upon us, this article will focus on 1 predominate question, “What is our VP of Compliance Thankful for This Year?”

Sometimes it’s easier to focus on what we don’t have, rather than what we do have. It’s important to take time out and remember all the things to be thankful for that many of us take for granted. This year, I am thankful for:

11/14/2018 Compliance

Seven Firms accused of violating GDPR by Privacy International

On May 25th of 2018, GDPR Became effective, bringing a demanding standard for data protection and privacy rights for individuals from organizations around the world. Privacy International (PI), which is a charity that defends and promotes the right to privacy, accused seven firms of “disregarding data protection principles, including purpose limitation, data minimization and data accuracy”.

 

To prevent and protect other firms from being in the same situation, Digital Edge would like to state some general reminders about the law.

 

10/18/2018 Compliance

Ask Our VP of Compliance: October 2018, The Scariest thing this Halloween is Audits

Cyber security is the protection of systems, networks and data from attack. Cyber security audits examine the threats, vulnerabilities and risks facing your organization and addresses mitigating these risks. When assessing your cyber security there are three key areas to take into account: people, processes and technology. Thorough audits should be performed regularly not only to protect your organization but also to comply with legislation regarding protection of personal data. Digital Edge's VP of Compliance answers the most important questions regarding audits: 

  • What is the difference between a cyber security audit and a cyber security assessment?
  • What do I need to have in place for Incident Response?
  • What if users are my Biggest Security Risk?
  • Why are Cyber Security Audits Important?
10/3/2018 Compliance

Digital Edge’s HIPAA Compliance Self-Assessment

Digital Edge’s HIPAA Compliance Self-Assessment

 

In recent years, security breaches in the healthcare industry have become a lot more prevalent. The rise in data privacy violations, specifically infringements on the security of ePHIs (electronic Protected Health Information), has put millions of health records at risk. Surely, private data such as health information must always stay protected from unauthorized exposure, which is why HIPAA compliance and is critical.

 

HIPAA, or the Health Insurance Portability and Accountability Act, was passed to set the standards for the protection of sensitive healthcare information. It involves setting administrative, technical, and physical safeguards for the security of data.

 

Unsure if you are following the law correctly? Check out Digital Edge’s HIPAA Compliance Self-Assessment here!

 

Don’t wait until it’s too late. Tomorrow starts now! Prioritize your compliance with HIPAA mandates, and establish a credible HIPAA program. Digital Edge is an expert in HIPAA standards. Our team will help to implement policies, standards and practices to cover all HIPAA requirements. 

Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity  compliance solution, with our continued focus on Stability, Security, Efficiency and Compliance

9/29/2018 Compliance

US Data Breach Notification Laws- State by State

All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or governmental entities to notify individuals of security breaches of information involving personally identifiable information.

 

Security breach laws typically have provisions regarding who must comply with the law (e.g., businesses, data/ information brokers, government entities, etc); definitions of “personal information” (e.g., name combined with SSN, driver’s license or state ID, account numbers, etc.); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information).

9/20/2018 Compliance

Digital Edge Sexual Harassment Policy

Introduction

 

Digital Edge is committed to maintaining a workplace free from sexual harassment. Sexual harassment is a form of workplace discrimination. Digital Edge has a zero-tolerance policy for any form of sexual harassment, and all employees are required to work in a manner that prevents sexual harassment in the workplace. This Policy is one component of Digital Edge’s commitment to a discrimination-free work environment.

 

Sexual harassment is against the law. All employees have a legal right to a workplace free from sexual harassment, and employees can enforce this right by filing a complaint internally with Digital Edge, or with a government agency or in court under federal, state or local antidiscrimination laws.

9/17/2018 Compliance

Ask Our VP of Compliance: September 2018

In 2018, one thing is for certain: changes are happening—fast. Technology changes, as usual, are the focus this year as we watch new innovations unfold, new products emerge, and businesses take hold of new opportunities. However, tech isn’t the only thing changing rapidly. This year, Digital Edge’s Compliance articles have covered brand new regulations that have taken effect, which are likely to have impacted your business. 

 

Businesses must be aware of new laws and policy changes, no matter where they operate or what kind of business it is. A recent article published by Business News Daily says it best, “Staying apprised of policy changes could be the difference between gaining a competitive edge or falling behind due to compliance issues or strategic missteps.”

 

But, what about IT laws and regulations that already exist? Are you aware of what guidelines you should already be following? That is why, Digital Edge's VP of Compliance breaks down all the laws in this months Ask Our VP of Compliance!

9/4/2018 Compliance

DFS 500 Cyber Security Regulation Compliance Deadline: September 4th

Digital Edge Cybersecurity Compliance Team wants to remind you that all DFS Regulated Financial Services Companies are required to comply with the Regulation’s Governance Policies and Procedures, as well as Risk Based Monitoring Systems Requirements and Encryption Programs for Nonpublic Information by September 4, 2018.

 

Beginning on September 4, 2018, banks, insurance companies, and other financial services institutions regulated by DFS are required to have come into compliance with several additional provisions of the cybersecurity regulation that are vital to the governance and components of a robust financial services cybersecurity program.

 

For more information on this regulation deadline, please read more here!

 

As cybersecurity incidents continue to increase in frequency and severity, public companies and financial institutions should expect and prepare for increased regulatory scrutiny in the months ahead.

 

Digital Edge is an expert in ISO standards, and is certified by the International Standard Organization on Information Security and Quality (ISO 27001). There is a clear crosswalk between DFS law and ISO standards. Digital Edge will help to implement policies, standards and practices to cover all DFS requirements based on International Standards Organization framework.

 

Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on StabilitySecurityEfficiency and Compliance

Let's talk: +1 (718)-370-3353

Speak to a specialist