Authored by: Camille Ley, Senior Privacy Consultant and Lindsay Farbent, Privacy ConsultantIf you are like many businesses that have implemented solutions to honor consumer do not sell/share requests in accordance with U.S. state privacy laws, you have likely placed a...
REGULATORY COMPLIANCE
Next time you do a Risk Assessment or Analysis, make sure you have Risk Intelligence on board
I was prompted to write this quick post this morning when I read this article. I think it is a good example of what some (actually many, in my experience) …
SCCs under Scrutiny: Transfer Strategies for US Companies Contracting with EU Service Providers
For many US-based multinational organizations, EU-approved Standard Contractual Clauses (“SCCs”) have long represented a relatively straightforward solution for the compliant transfer of personal data of EU residents to the organizations’ …
Practical Solutions to CCPA Challenges for Pharmaceutical and Life Science Organizations
The California Consumer Privacy Act (“CCPA”) becomes effective in less than a year. That means that for businesses in highly regulated sectors such as pharmaceuticals and life sciences, now is …
Hello PCI SSC… Can we rethink?
This is a detailed follow-up to the quick post I wrote the Friday before the Labor Day weekend, based on my read at the time of the PCI SSC’s Special Interest Group …
Hello PCI SSC…
Hello PCI SSC, You had me on board until I saw this statement in your guidance1 released yesterday. “However, using risk as the basis for an organization’s information security program …
PCI Breaches Can we at least detect them?
Almost all Payment Card Industry (PCI) breaches over the past year, including the most recent one at Supervalu appear to have the following aspects in common: 1. They involved some compromise …
I like the fact that the HIPAA Security Rule is not prescriptive, except…
I think it makes sense for the HIPAA Security Rule (even in its latest form from the Omnibus update) not to be prescriptive. For one, the Rule is meant to …
Compliance obligations need not stand in the way of better information security and risk management
I couldn’t help write this post when I noticed this press release based on an IDC Insights Survey of Oil & Gas Companies. I don’t have access to the full …