NIST

Implementing the NIST Privacy Framework – Identify Function

The National Institute of Standards and Technology (NIST) Privacy Framework, published in January 2020, is quickly becoming the mainstream control set for organizations to align with when assessing their data privacy posture, developing readiness roadmaps, and maturing their privacy program. We have previously written about how the controls in the NIST Privacy can be mapped to…
Read More
UK

UK Proposes Reforms to Data Protection Laws

On 10 September 2021, the UK Government’s Department for Digital, Culture, Media, and Sport (DCMS) published its long-awaited proposals for reform of the country’s data protection laws. The consultation paper includes a detailed and comprehensive set of suggested amendments to the UK GDPR, Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR), with…
Read More
Data Security

The Impact of Data Security Incident Trends on Commercial Transactions

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered on this blog including trends in global breach notification, healthcare industry risks and ransomware. The Report is a helpful tool for companies…
Read More
Privacy Law

Colorado Privacy Act: Another Piece to the Data Privacy Puzzle

Introduction Privacy laws have entered the compliance world by storm and are quickly changing data privacy practices. The most recent state, Colorado, passed the Colorado Privacy Act (CPA) into law on July 7, 2021. This new act follows California’s Consumer Privacy Act (CCPA) but calls out several additional rights, actions, and policies. The CPA pulls…
Read More
Cybersecurity

How Cybersecurity Frameworks Can Protect Your Organization (Even in the Event of a Breach)

It’s certainly no secret how damaging data breaches can be for organizations today. And if lost revenue and a tarnished reputation aren’t enough to make you want to act, your organization could face punitive damages if you fail to protect your customers’ private information. Yes, that’s right—steep fines imposed by regulatory agencies can await those…
Read More
CCPA

CCPA Enforcement is Picking Up. Are you Ready?

Although the California Consumer Privacy Act (“CCPA”) has been in effect since January 1, 2020 and subject to enforcement since July 1, 2020, it seemed until recently that compliance had been somewhat spotty. Well, it’s time to wake from your compliance slumbers and start paying attention because California’s new Attorney General (“AG”) Rob Bonta has…
Read More
Cybersecurity

The 3 Biggest Mistakes the Board can Make around Cybersecurity

Although the topic of cybersecurity is now definitely on the board’s agenda in most organizations, it is rarely a fixed item. More often than not, it makes appearances at the request of the Audit & Risk Committee or after a question from a non-executive director, or – worse – in response to a security incident…
Read More
Cybersecurity

Why Cybersecurity Tools Aren’t Enough

By JC Gaillard, Managing Director at Corix Partners Irrespective of what many of us may say or write, the cybersecurity agenda remains dominated by products and technology. Of course, the problem has a technical dimension and the protection of any firm against cyber threats will require the application of technical countermeasures at a number of…
Read More
Cyber Security Leaders

How to Build Back Better With Cybersecurity as a Core Principal

By JC Gaillard A comment left on one of my articles made me think: How can cybersecurity leaders drive a long-term transformative agenda, with a business and a board that cannot see beyond the short-term? I see several angles worth discussing around the way the question was put, which may help break some deadlocks. Endemic…
Read More
Back To Top