Third Party Compliance Archives

Implementing the NIST Privacy Framework – Identify Function

September 23, 2021
Editorial Team
Compliance, Consumer Privacy, Cybersecurity, Data Mapping and Inventory, Data Privacy, Data Security, Governance, NIST, Privacy, Third Party Compliance

The National Institute of Standards and Technology (NIST) Privacy Framework, published in January 2020, is quickly becoming the mainstream control set for organizations to align with when assessing their data privacy posture, developing readiness roadmaps, and maturing their privacy program. We have previously written about how the controls in the NIST Privacy can be mapped to…

Become a member to access this content.

How India’s DEPA Framework Uses Software to Empower Privacy Compliance

August 13, 2021
Max Totsky
Consumer Privacy, Data Privacy, Data Protection, Data Rights Management (DRM), GDPR, India, Privacy, Third Party Compliance

As detailed as laws like the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA) are, there is no one-size-fits-all framework for data privacy. You may know the rules, but how do you make sure you and the rest of your organization are following them? More specifically, how do you implement privacy-focused…

Become a member to access this content.

A Guide to New Draft SCCs–and the EDPB’s Response

February 11, 2021
Max Totsky
Banks, Cybersecurity, Data Privacy, Data Protection, European Union, GDPR, International Agreements, Privacy Shield, Third Party Compliance, Uncategorized

Ever since the EU-US Privacy Shield was struck down in Schrems 2.o, companies have been scrambling to figure out how to safely transfer data in and out of the EU while remaining compliant with the General Data Protection Regulation (GDPR). At this point, the general consensus is that transfers from the EU should only be…

Become a member to access this content.

2020 News in Review

January 4, 2021
Tim Crino
Africa, Artificial Intelligence, Banks, Biometric, Brazil, Breach prevention, Breach response, Business Continuity, C-Suite, Canada, CCPA, CISO, CMMC, CNIL, Compliance, Consumer Privacy, COVID-19, Cyber Fraud, Cybercrime, Cybersecurity, Data Mapping and Inventory, Data Privacy, Data Protection, Data Rights Management (DRM), data trusts, differential privacy, DPO, Dubai, European Union, Federal Reserve, Federated Learning, Financial Services, GDPR, GLBA, Governance, Government Contracting, Hiring, Hybrid, International Agreements, Investigations, Japan, Machine Learning, New York State, NIST, Penalties and Enforcement, Phishing, Privacy, Privacy Shield, Project Management, Resilience, State Laws, Third Party Compliance, United Kingdom, US Regulatory, Work from Home

Week Ending December 28 ICO Warns SolarWinds Victims to Report Breaches The United Kingdom’s Information Commissioner’s Office (ICO) has issued a warning to organizations compromised by the SolarWinds breach. The breach, which was carried out by Russian hackers, affected more than 18000 organizations worldwide. ICO requires UK data controllers subject to NIS regulations to report…

Become a member to access this content.

What We Can Learn From the SolarWinds Breach

December 22, 2020
Max Totsky
Breach prevention, Breach response, Business Continuity, Consumer Privacy, Cyber Fraud, Cybercrime, Cybersecurity, Data Privacy, Data Protection, Government Contracting, Privacy, Third Party Compliance

SolarWinds, a network management software company, found itself the direct victim of an insidious malware breach last week that had been in the works for months. The hack involved the installation of malware onto an updated version of their software, which was downloaded by over 18,000 customers, including approximately 421 Fortune 500 companies–and large swaths…

Become a member to access this content.

How to Manage Third-Party Risk With Increased Number of Remote Workers

July 9, 2020
Max Totsky
Business Continuity, Compliance, COVID-19, Data Protection, Resilience, Third Party Compliance, Work from Home

Any compliance officer knows the importance of third-party risk management (TPRM)–and that keeping vendors in compliance with data privacy and protection laws is a continuous process. But, since the Covid-19 pandemic has forced most businesses to work remotely, overseeing vendor compliance has become much more difficult due to lack of a centralized operation. That’s in…

Become a member to access this content.

Explaining the DoD’s New Cybersecurity Certification

March 3, 2020
Max Totsky
Compliance, Cybersecurity, Government Contracting, Third Party Compliance, Training and Education

By 2026, any contractor that works with the Department of Defense must meet the standards set by version 1.0 of its Cybersecurity Maturity Model Certification (CMMC). The Pentagon released the new standards on Jan 31, which will require third-party certification of cyber resilience from DoD contractors and subcontractors. For contractors who hope to work with…

Become a member to access this content.

Travelex Restores Service After Six Week Outage

On Feb. 13, foreign-currency exchange company Travelex, which is owned by Abu Dhabi-based Finablr, reported that it had restored the majority of its customer-facing services, and resumed normal business operations in the UK, Europe, North America, the Middle East & Turkey, Australia & New Zealand. Travelex had been completely or partially offline in these regions…

Become a member to access this content.

Opinion: Privacy Predictions for 2020

February 11, 2020
Gene Ret
Biometric, Privacy, Third Party Compliance

The evolution of privacy requirements and risks has progressed at lightning speed; we’re a far cry from listing “dumpster diving” as a critical risk in exposing personally identifiable information (PII) as we did 20 years ago. Paper shredding may still have its place in security protocols for now, but today, the rapid advancement of technology…

Become a member to access this content.

How To Continually Assess If Your Vendors Are In Compliance

February 11, 2020
Olayinka Odeniran
Compliance, Cybersecurity, Third Party Compliance

Outsourcing some of your business operations to a third-party vendor comes with a lot of perks – like improving operational efficiency by saving money on infrastructure and maintenance – as is the case when moving data into cloud platforms. However, hiring a vendor doesn’t mean you’re off the hook when it comes to securing your…

Become a member to access this content.