Examining the How of NIST Privacy

Last time I discussed why you should consider using the NIST Privacy framework as both a foundation and methodology for managing data protection and privacy risk management

In this article, I’d like to explain how it works in practice.

Here we bring together facts and information from disparate and sometimes rather technical documents. When I began my research into the NIST Privacy framework, I saw it described as both “

CCPA is now in effect. What you need to do about it

The California Consumer Privacy Act, or CCPA, seemed to take an age between being signed into law in 2018 and coming into effect in January of this year. Even after this long lead-up time, businesses were given an additional six months of grace. Those six months came to an end on 1st July.

So now that CCPA has properly come into effect, what’s your business doing about it?

You ...

Isn’t it time we talk seriously about a nation-wide Privacy Act?

Would you be surprised if someone told you that they felt even less secure online today, compared to five years ago?

All we hear about are big companies screwing up and losing user data

Nah. Me neither. As Mitchell Noordyke of IAPP reports, “state level momentum for comprehensive privacy bills is at an all time high.

One of the hot topics now is whether the United States, like the EU, ...

CCPA vs GDPR – what you need to know

Most of us are aware that California’s new consumer privacy law, CCPA, is set to take effect next January. While that might seem like eons away, it is not.

You might be forgiven for thinking that because you have twisted and strengthened your operation to comply with the EU’s General Data Protection Act, GDPR for short, you surely must be meeting the California privacy requirements.

Sadly – you are wrong. It’s ...

Supply Chain attacks: 80% of senior IT professionals say it’s fastest growing cyberthreat

Earlier this year, we wrote about supply chain risk, warning organizations to be more wary, especially since GDPR has come into full effect. That said, GDPR is by no means the only privacy regulation out there (consider Massachusetts’ 201 CMR 17.00 or California’s 2018 Consumer Privacy Act). No longer can we assume little to no liability when it comes to third-party processing or handling of sensitive data.

We’ve all got password fatigue, but are NIST’s new policies wise?

Ah the necessary evil of passwords.

Those of us who have worked in organizations that require users to change passwords at set intervals know what I mean.

Typically every three to six months, users are requested to perform a password change, perhaps in the form of an annoying pop-up alert. In some setups, the user is locked out of the system until a new memorable password (but one that follows the complex password creation guidelines) is set.

A ...

Are Fax Transmissions Covered Under 201 CMR 17.00?

Massachusetts Privacy Protection Law 201 CMR 17.00, which goes into effect March 1, 2010, does not specifically call for the encryption of fax transmissions, nor does it specifically mention how fax transmissions should be handled. With that said, the intention of the law was NOT to exempt fax transmissions of personal information (PI) from consideration when creating a Comprehensive Information Security Program (CISP). There are a couple of sections in the regulations that do refer to the transmission of PI ...

The 201 CMR 17.00 Compliance Deadline of March 1, 2010 Is Rapidly Approaching.

Sounds a little like Chicken Little running around saying “the sky is falling, the sky is falling”. However, the clock is ticking off precious minutes as your organization races to meet the compliance deadline for 201 CMR 17.00. If your organization has been holding out for another extension from OCABR, then I’m afraid you’re out of luck. March 1, 2010 is the drop-dead date for compliance.

The final version of the regulation was released in late October and nobody has ...

Getting Ready For 201 CMR 17.00

Don’t forget about the paper!

There’s been a tremendous amount written lately about how to prepare for the upcoming March 1 deadline for compliance with Massachusetts 201 CMR 17.00.
Almost everything I’ve read has focused on the electronic aspect of the regulation, with little or no attention paid to how an organization will change the way it handles paper containing personal information. Just as a reminder, the intent of 201 CMR 17.00 is to establish minimum standards to be met in ...
