I was prompted to write this quick post this morning when I read this article. I think it is a good example of what some (actually many, in my experience) …
For many US-based multinational organizations, EU-approved Standard Contractual Clauses (“SCCs”) have long represented a relatively straightforward solution for the compliant transfer of personal data of EU residents to the organizations’ …
The California Consumer Privacy Act (“CCPA”) becomes effective in less than a year. That means that for businesses in highly regulated sectors such as pharmaceuticals and life sciences, now is …
This is a detailed follow-up to the quick post I wrote the Friday before the Labor Day weekend, based on my read at the time of the PCI SSC’s Special Interest Group …
Hello PCI SSC, You had me on board until I saw this statement in your guidance1 released yesterday. “However, using risk as the basis for an organization’s information security program …
Almost all Payment Card Industry (PCI) breaches over the past year, including the most recent one at Supervalu appear to have the following aspects in common: 1. They involved some compromise …
I think it makes sense for the HIPAA Security Rule (even in its latest form from the Omnibus update) not to be prescriptive. For one, the Rule is meant to …
I couldn’t help write this post when I noticed this press release based on an IDC Insights Survey of Oil & Gas Companies. I don’t have access to the full …
Notice the title doesn’t say HIPAA Security and Privacy. Nor does it have any of the words – HITECH, Omnibus Rule, Meaningful Use etc. That is the point of this post. Let …