NIST

Implementing the NIST Privacy Framework – Identify Function

The National Institute of Standards and Technology (NIST) Privacy Framework, published in January 2020, is quickly becoming the mainstream control set for organizations to align with when assessing their data privacy posture, developing readiness roadmaps, and maturing their privacy program. We have previously written about how the controls in the NIST Privacy Framework can be mapped to…
Third Party

How India’s DEPA Framework Uses Software to Empower Privacy Compliance

As detailed as laws like the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA) are, there is no one-size-fits-all framework for data privacy. You may know the rules, but how do you make sure you and the rest of your organization are following them? More specifically, how do you implement privacy-focused…

A Guide to New Draft SCCs–and the EDPB’s Response

Ever since the EU-US Privacy Shield was struck down in Schrems 2.0, companies have been scrambling to figure out how to safely transfer data in and out of the EU while remaining compliant with the General Data Protection Regulation (GDPR). At this point, the general consensus is that transfers from the EU should only be…

2020 News in Review

Week Ending December 28: ICO Warns SolarWinds Victims to Report Breaches. The United Kingdom’s Information Commissioner’s Office (ICO) has issued a warning to organizations compromised by the SolarWinds breach. The breach, which was carried out by Russian hackers, affected more than 18000 organizations worldwide. ICO requires UK data controllers subject to NIS regulations to report…

What We Can Learn From the SolarWinds Breach

SolarWinds, a network management software company, found itself the direct victim of an insidious malware breach last week that had been in the works for months. The hack involved the installation of malware onto an updated version of their software, which was downloaded by over 18,000 customers, including approximately 421 Fortune 500 companies–and large swaths…
Third Party Risk Management

How to Manage Third-Party Risk With Increased Number of Remote Workers

Any compliance officer knows the importance of third-party risk management (TPRM)–and that keeping vendors in compliance with data privacy and protection laws is a continuous process. But, since the Covid-19 pandemic has forced most businesses to work remotely, overseeing vendor compliance has become much more difficult due to lack of a centralized operation. That’s in…
DoD’s New Cybersecurity Certification

Explaining the DoD’s New Cybersecurity Certification

By 2026, any contractor that works with the Department of Defense must meet the standards set by version 1.0 of its Cybersecurity Maturity Model Certification (CMMC). The Pentagon released the new standards on Jan 31, which will require third-party certification of cyber resilience from DoD contractors and subcontractors. For contractors who hope to work with…
Travelex Ransomware

Travelex Restores Service After Six Week Outage

On Feb. 13, foreign-currency exchange company Travelex, which is owned by Abu Dhabi-based Finablr, reported that it had restored the majority of its customer-facing services, and resumed normal business operations in the UK, Europe, North America, the Middle East & Turkey, Australia & New Zealand. Travelex had been completely or partially offline in these regions…
2020 Privacy Predictions

Opinion: Privacy Predictions for 2020

The evolution of privacy requirements and risks has progressed at lightning speed; we’re a far cry from listing “dumpster diving” as a critical risk in exposing personally identifiable information (PII) as we did 20 years ago. Paper shredding may still have its place in security protocols for now, but today, the rapid advancement of technology…
Third Party Vendor Compliance

How To Continually Assess If Your Vendors Are In Compliance

Outsourcing some of your business operations to a third-party vendor comes with a lot of perks – like improving operational efficiency by saving money on infrastructure and maintenance – as is the case when moving data into cloud platforms. However, hiring a vendor doesn’t mean you’re off the hook when it comes to securing your…