Tag: Privacy

Maximizing the Value of Your Privacy Impact Assessment

Telling your privacy story through a PIA

As privacy regulations have proliferated, companies have been scrambling to address the many new compliance requirements. One component that can prove challenging to implement is the Privacy Impact Assessment. 

Note: you can see our earlier whitepaper here.

While the Privacy Impact Assessment may initially be considered a compliance exercise, when properly […]

What Are Your Privacy KPIs?

Identifying and maintaining measures of success in privacy programs.

The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs.  As companies race to digest and implement the new standard, many questions arise around how to address some of its particular requirements.  One such area involves the governance of an ISO 27701 […]

November 4th, 2019 | ISO 27001 Compliance, Privacy Compliance | 0 Comments

Cloud Companies Can Conquer GDPR with ISO 27018 Certification

Almost a year into a post-GDPR world, the question for many cloud service providers is still, “How do I evidence GDPR compliance?” With no meaningful certification in sight, the time is now for cloud service providers to be proactive in showing how they protect customer data in accordance with GDPR.

March 25th, 2019 | ISO 27001 Compliance, Privacy Compliance | 0 Comments

Developing & Implementing a Data Classification Policy

Properly classifying and labeling information assets is fundamental to a successful information security program, yet many organizations fail to implement one. Without proper asset classification, the organization exposes itself to additional risk of data breaches, accidental loss/release of sensitive information, losses in efficiency or additional costs associated with securing data that may not require it (hardware-based encryption doesn’t come cheap!).

It is […]

Tracking Data Breaches & Staying Informed

The Identity Theft Resource Center (ITRC) is a nonprofit organization that focuses on educating consumers, corporations, government agencies and other organizations on best practices related to fraud and identity theft detection, reduction and mitigation.

Additionally, the organization does an excellent job of indexing and documenting data breaches as well! ITRC’s 2015 year-end report indexed 781 breaches, with each […]

January 14th, 2016 | Privacy Compliance | 0 Comments

Privacy: Do Customers Deserve an Independent Audit Report?

Electronics are becoming a commodity – there’s not much profit from selling cell phones or laptops anymore (unless you’re Apple). So most companies are moving away from investing in hardware as their core business and shifting towards services. Services come in many shapes and sizes, but usually include consulting services, applications, or analyzing and selling customer data.

Customer data is where it becomes interesting. As […]

November 23rd, 2015 | Privacy Compliance | 3 Comments

Deploying a HIPAA Compliant Encryption Policy

HIPAA, or the Health Insurance Portability and Accountability Act, presents a fairly robust set of standards and rules that any organization within the United States handling PHI (Personal Health Information) is compelled by law to address.

On the surface, many of HIPAA’s rules appear straightforward, but as I […]