How to Use New CSBS Cybersecurity Examination Tool

Any nonbank institution looking to protect against, mitigate and respond to cybersecurity threats should take advantage of the Conference of State Bank Supervisors’ (CSBS) new cybersecurity examination tool.  Unveiled during the Nationwide Multistate Licensing System Annual Conference in February, the resource is designed for state regulators to use during examinations, and for organizations to self-evaluate…

EU Releases Draft Decision on UK Data Privacy Standards

Since the start of 2021, post-Brexit data relationships between the European Union and the United Kingdom have been governed by The EU-UK Trade and Cooperation Agreement, which established a 4-6 month temporary period where data could flow freely between the two jurisdictions.  Beyond that, the future was unclear. The grace period could have been extended…

A Guide to New Draft SCCs–and the EDPB’s Response

Ever since the EU-US Privacy Shield was struck down in Schrems 2.0, companies have been scrambling to figure out how to safely transfer data in and out of the EU while remaining compliant with the General Data Protection Regulation (GDPR). At this point, the general consensus is that transfers from the EU should only be…

2020 News in Review

Week Ending December 28

ICO Warns SolarWinds Victims to Report Breaches

The United Kingdom’s Information Commissioner’s Office (ICO) has issued a warning to organizations compromised by the SolarWinds breach. The breach, which was carried out by Russian hackers, affected more than 18,000 organizations worldwide. ICO requires UK data controllers subject to NIS regulations to report…

What We Can Learn From the SolarWinds Breach

SolarWinds, a network management software company, found itself the direct victim of an insidious malware breach last week that had been in the works for months. The hack involved the installation of malware onto an updated version of their software, which was downloaded by over 18,000 customers, including approximately 421 Fortune 500 companies–and large swaths…

2021 Forecast for Data Privacy Legislation

2020 was a massive year for data privacy. New laws became effective all around the world and, in turn, organizations were forced to amp up their data privacy measures to comply. Data privacy regulations are only getting stricter, and that won’t change any time soon. There is no reason to expect 2021 to be any…

Does Your Organization Need a Chief Privacy Officer?

As the presence of global data privacy legislation continues to rise, so does the importance of privacy-related positions. The EU’s General Data Protection Regulation (GDPR) mandates that companies hire a Data Protection Officer, and related roles like Chief Information Security Officer (CISO) have also become more valued. One of the most concrete action items a…

New Zealand’s Data Privacy Law Now Effective

On December 1, New Zealand’s new data privacy law took effect.  The Privacy Act 2020 impacts every organization with a physical or virtual presence in New Zealand. Any offshore organization that collects data from New Zealanders must comply.  This marks the suspension of 1993’s Privacy Act and puts the pressure on organizations to handle data…

CMMC is Official! What This Means to You Now

On November 30th, the interim DFARS Case 2019–D041 becomes effective as the rule formally putting the CMMC cybersecurity regulation…
