CCPA vs GDPR – what you need to know

Posted by:

Most of us are aware that California’s new consumer privacy law- CCPA – is set to take effect next January. While that might seem like eons away, it is not.

You might be forgiven for thinking that because you have twisted and strengthened your operation to comply with the EU’s General Data Protection Act, GDPR for short, you surely must be meeting the California privacy requirements.

Sadly – you are wrong. It’s ...

Read More →
0

Supply Chain attacks: 80% of senior IT professionals say it’s fastest growing cyberthreat

Posted by:

Earlier this year, we wrote about supply chain risk, warning organizations to be more wary, especially since GDPR has come into full effect. That said, GDPR is by no means the only privacy regulation out there (consider Massachusetts’ CMR 17.00  or California’s 2018 Consumer Privacy Act. No longer can we assume little to no liability when it comes to third party processing or handling of sensitive data.

Read More →

0

We’ve all got password fatigue, but are NIST’s new policies wise?

Posted by:

Ah the necessary evil of passwords.

Those of us who have worked in organizations that require users to change passwords at set intervals know what I mean.

Typically every three to six months, users are requested to perform a password change – maybe in the form of an annoying pop-up alert. In some setups, the user is lock out of the system until a new memorable password (but one that follows the complex password creation guidelines) is set.

A ...

Read More →
0

Are Fax Transmissions Covered Under 201 CMR 17.00?

Posted by:

Massachusetts Privacy Protection Law 201 CMR 17.00, which goes into effect March 1, 2010, does not specifically call for the encryption of fax transmissions, nor does it specifically mention how fax transmissions should be handled.  With that said, the intention of the law was NOT to exempt fax transmissions of personal information (PI) from consideration when creating a Comprehensive Information Security Program (CISP).  There are a couple of sections in the regulations that do refer to the transmission of PI ...

Read More →
0

The 201 CMR 17.00 Compliance Deadline of March 1, 2010 Is Rapidly Approaching.

Posted by:

Sounds a little like Chicken Little running around saying “the sky is falling, the sky is falling”.  However, the clock is ticking off precious minutes as your organization races to meet the compliance deadline for 201 CMR 17.00.  If your organization has been holding out for another extension from OCABR, then I’m afraid you’re out of luck.  March 1, 2010 is the drop dead date for compliance.

The final version of the regulation was released in late October and nobody has ...

Read More →
0

Getting Ready For 201 CMR 17.00

Posted by:

Don’t forget about the paper!

There’s been a tremendous amount written lately about how to prepare for the upcoming March 1 deadline for compliance with Massachusetts 201 CMR 17.00.
Almost everything I’ve read has focused on the electronic aspect of the regulation with little or no attention paid to how an organization will change the way they handle paper containing personal information. Just as a reminder, the intent of 201 CMR 17.00 is to establish minimum standards to be met in ...

Read More →
0
})
SEC Cybersecurity Exams