Home/Privacy Compliance

Maximizing the Value of Your Privacy Impact Assessment

Telling your privacy story through a PIA As privacy regulations have proliferated, companies have been scrambling to address the many new compliance requirements. One component that can prove challenging to implement is the Privacy Impact Assessment.  Note: you can see our earlier whitepaper here. While the Privacy Impact Assessment may initially be considered a compliance exercise, when properly leveraged it can [...]

What Are Your Privacy KPIs?

Identifying and maintaining measures of success in privacy programs. The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs.  As companies race to digest and implement the new standard, many questions arise around how to address some of its particular requirements.  One such area involves the governance of an ISO [...]

By |2020-01-23T19:24:19+00:00November 4th, 2019|ISO 27001 Compliance, Privacy Compliance|0 Comments

ISO 27701 Privacy Framework Could be the GDPR Certification We’ve Been Waiting For

Faced with regulatory penalties, an avalanche of due diligence questionnaires, and stringent contractual clauses, companies of all sizes have been impacted by GDPR. To date, most companies have tackled GDPR with sheer effort, investing billions of dollars toward compliance with little or no assurance their efforts have paid off. As a result, business leaders are left wondering "Are we compliant?" and [...]

Cloud Companies Can Conquer GDPR with ISO 27018 Certification

Cloud Companies Can Conquer GDPR with ISO 27018 Certification. Almost a year into a post-GDPR world, the question for many cloud service providers is still, “How do I evidence GDPR compliance?”  With no meaningful certification in sight, the time is now for cloud service providers to be proactive in showing how they protect customer data in accordance with GDPR.

By |2020-01-17T21:17:50+00:00March 25th, 2019|ISO 27001 Compliance, Privacy Compliance|0 Comments

New Guidance Clarifies GDPR’s Data Protection Impact Assessment (DPIA) Requirements

The Data Protection Impact Assessment (DPIA) is a significant new burden on data controllers under GDPR.  As many have noted, GDPR does not clearly outline when a DPIA is required, instead referring to processing “likely to result in a high risk to the rights and freedoms of natural persons.” Article 35(4) charges supervisory authorities with developing a list of processing operations [...]

Quality Work Does Not Mean Quality Service

Quality Work Does Not Mean Quality Service "Managing the Professional Services Firm" by David Maister is considered to be "core canon" among consulting professionals. Though it was originally published over 25 years ago (1993) it has aged gracefully and almost all of its content is still relevant today. One of our team's favorite distinction, as pointed out by Maister, is the [...]

Developing an IT Audit & Security Plan for Microsoft Office 365

Our team was recently tasked with developing an audit plan for Microsoft Office 365. While there are plenty of tools available to assist organizations with performing ongoing audits of user privileges and object permissions in Microsoft Office 365, we were hard pressed to find any solid thought leadership on auditing Office 365 beyond user and object permissions. It almost appears that [...]

Symantec, Illegitimate Certificates & Why We Should Care

In 2015, Symantec was caught issuing improperly signed cryptographic certifications which could be used to break HTTPS and put internet users at risk. Some of the improperly issued certificates were issued to Google owned domains, which if used maliciously, could allow for impersonation of HTTPS protected Google websites. Understandably, Google was very upset and responded by requiring Symantec to publicly log [...]

By |2020-01-17T21:21:14+00:00January 30th, 2017|Cyber Risk Management, Privacy Compliance|0 Comments

Tracking Data Breaches & Staying Informed

The Identity Theft Resource Center (ITRC) is a nonprofit organization that focuses on educating consumers, corporations, government agencies and other organizations on best practices related to fraud and identity theft detection, reduction and mitigation. Additionally, the organization does an excellent job of indexing and documenting data breaches as well! ITRC’s 2015 year-end report indexed 781 breaches, with each being categorized by [...]

By |2020-01-17T21:21:31+00:00January 14th, 2016|Privacy Compliance|0 Comments