IoT

Diving Into IoT Data? Here Are Some Privacy Considerations

Many insurers contemplate using data from internet-connected devices, including wearables, for a deep dive into wearers’ lifestyles and invaluable insights for automated underwriting. Before diving into the deep end, there are numerous privacy considerations. To ensure your IoT data does not plunge you into trouble: Adjust your data map. Begin by drawing out all the…
Read More
OCC

What’s the OCC Banking Regulatory Outlook for 2022?

As the year’s end approaches, the US Office of the Comptroller of the Currency (OCC), a primary US banking regulator, has published its Banking Supervision Operating Plan for 2022. As you might expect, much of the OCC’s focus is on managing the repercussions of the pandemic and the resulting economic, financial, operational, and compliance implications. The specific points it…
Read More
ZTA

An Understandable Guide to Zero Trust Architecture (“ZTA”)

While cybersecurity professionals are generally nice people, and I have nothing against them, they have trust issues. Their spouse, friends, and family may not appreciate the lack of trust, but it goes a long way towards protecting the systems entrusted to them. Cybersecurity best practices are to employ a Zero Trust Architecture (“ZTA”) to the…
Read More
NIST

Implementing the NIST Privacy Framework – Identify Function

The National Institute of Standards and Technology (NIST) Privacy Framework, published in January 2020, is quickly becoming the mainstream control set for organizations to align with when assessing their data privacy posture, developing readiness roadmaps, and maturing their privacy program. We have previously written about how the controls in the NIST Privacy can be mapped to…
Read More
Third Party

How India’s DEPA Framework Uses Software to Empower Privacy Compliance

As detailed as laws like the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA) are, there is no one-size-fits-all framework for data privacy. You may know the rules, but how do you make sure you and the rest of your organization are following them? More specifically, how do you implement privacy-focused…
Read More

A Guide to New Draft SCCs–and the EDPB’s Response

Ever since the EU-US Privacy Shield was struck down in Schrems 2.o, companies have been scrambling to figure out how to safely transfer data in and out of the EU while remaining compliant with the General Data Protection Regulation (GDPR). At this point, the general consensus is that transfers from the EU should only be…
Read More

2020 News in Review

Week Ending December 28  ICO Warns SolarWinds Victims to Report Breaches  The United Kingdom’s Information Commissioner’s Office (ICO) has issued a warning to organizations compromised by the SolarWinds breach. The breach, which was carried out by Russian hackers, affected more than 18000 organizations worldwide. ICO requires UK data controllers subject to NIS regulations to report…
Read More

What We Can Learn From the SolarWinds Breach

SolarWinds, a network management software company, found itself the direct victim of an insidious malware breach last week that had been in the works for months. The hack involved the installation of malware onto an updated version of their software, which was downloaded by over 18,000 customers, including approximately 421 Fortune 500 companies–and large swaths…
Read More
Third Party Risk Management

How to Manage Third-Party Risk With Increased Number of Remote Workers

Any compliance officer knows the importance of third-party risk management (TPRM)–and that keeping vendors in compliance with data privacy and protection laws is a continuous process. But, since the Covid-19 pandemic has forced most businesses to work remotely, overseeing vendor compliance has become much more difficult due to lack of a centralized operation. That’s in…
Read More
DoDs New Cybersecurity Certification

Explaining the DoD’s New Cybersecurity Certification

By 2026, any contractor that works with the Department of Defense must meet the standards set by version 1.0 of its Cybersecurity Maturity Model Certification (CMMC). The Pentagon released the new standards on Jan 31, which will require third-party certification of cyber resilience from DoD contractors and subcontractors. For contractors who hope to work with…
Read More
Back To Top