Third Party Compliance Archives

A Guide to New Draft SCCs–and the EDPB’s Response

February 11, 2021
Max Totsky
Banks, Cybersecurity, Data Privacy, Data Protection, European Union, GDPR, International Agreements, Privacy Shield, Third Party Compliance, Uncategorized

Ever since the EU-US Privacy Shield was struck down in Schrems 2.o, companies have been scrambling to figure out how to safely transfer data in and out of the EU while remaining compliant with the General Data Protection Regulation (GDPR). At this point, the general consensus is that transfers from the EU should only be…

To access this post, you must purchase Student, Government or Professional.

2020 News in Review

January 4, 2021
Tim Crino
Africa, Artificial Intelligence, Banks, Biometric, Brazil, Breach prevention, Breach response, Business Continuity, C-Suite, Canada, CCPA, CISO, CMMC, CNIL, Compliance, Consumer Privacy, COVID-19, Cyber Fraud, Cybercrime, Cybersecurity, Data Mapping and Inventory, Data Privacy, Data Protection, Data Rights Management (DRM), data trusts, differential privacy, DPO, Dubai, European Union, Federal Reserve, Federated Learning, Financial Services, GDPR, GLBA, Governance, Government Contracting, Hiring, Hybrid, International Agreements, Investigations, Japan, Machine Learning, New York State, NIST, Penalties and Enforcement, Phishing, Privacy, Privacy Shield, Project Management, Resilience, State Laws, Third Party Compliance, United Kingdom, US Regulatory, Work from Home

Week Ending December 28 ICO Warns SolarWinds Victims to Report Breaches The United Kingdom’s Information Commissioner’s Office (ICO) has issued a warning to organizations compromised by the SolarWinds breach. The breach, which was carried out by Russian hackers, affected more than 18000 organizations worldwide. ICO requires UK data controllers subject to NIS regulations to report…

To access this post, you must purchase Student, Government or Professional.

What We Can Learn From the SolarWinds Breach

December 22, 2020
Max Totsky
Breach prevention, Breach response, Business Continuity, Consumer Privacy, Cyber Fraud, Cybercrime, Cybersecurity, Data Privacy, Data Protection, Government Contracting, Privacy, Third Party Compliance
0 Comments

SolarWinds, a network management software company, found itself the direct victim of an insidious malware breach last week that had been in the works for months. The hack involved the installation of malware onto an updated version of their software,…

How to Manage Third-Party Risk With Increased Number of Remote Workers

July 9, 2020
Max Totsky
Business Continuity, Compliance, COVID-19, Data Protection, Resilience, Third Party Compliance, Work from Home

Any compliance officer knows the importance of third-party risk management (TPRM)–and that keeping vendors in compliance with data privacy and protection laws is a continuous process. But, since the Covid-19 pandemic has forced most businesses to work remotely, overseeing vendor compliance has become much more difficult due to lack of a centralized operation. That’s in…

To access this post, you must purchase Student, Government or Professional.

Explaining the DoD’s New Cybersecurity Certification

March 3, 2020
Max Totsky
Compliance, Cybersecurity, Government Contracting, Third Party Compliance, Training and Education
0 Comments

By 2026, any contractor that works with the Department of Defense must meet the standards set by version 1.0 of its Cybersecurity Maturity Model Certification (CMMC). The Pentagon released the new standards on Jan 31, which will require third-party certification…

Travelex Restores Service After Six Week Outage

On Feb. 13, foreign-currency exchange company Travelex, which is owned by Abu Dhabi-based Finablr, reported that it had restored the majority of its customer-facing services, and resumed normal business operations in the UK, Europe, North America, the Middle East &…

Opinion: Privacy Predictions for 2020

February 11, 2020
Gene Ret
Biometric, Privacy, Third Party Compliance
0 Comments

The evolution of privacy requirements and risks has progressed at lightning speed; we’re a far cry from listing “dumpster diving” as a critical risk in exposing personally identifiable information (PII) as we did 20 years ago. Paper shredding may still…

How To Continually Assess If Your Vendors Are In Compliance

February 11, 2020
Olayinka Odeniran
Compliance, Cybersecurity, Third Party Compliance
0 Comments

Outsourcing some of your business operations to a third-party vendor comes with a lot of perks - like improving operational efficiency by saving money on infrastructure and maintenance - as is the case when moving data into cloud platforms. However,…