What Are Your Privacy KPIs?

Identifying and maintaining measures of success in privacy programs.

The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs.  As companies race to digest and implement the new standard, many questions arise around how to address some of its particular requirements.  One such area involves the governance of an ISO 27701 […]

Cloud Companies Can Conquer GDPR with ISO 27018 Certification

Cloud Companies Can Conquer GDPR with ISO 27018 Certification. Almost a year into a post-GDPR world, the question for many cloud service providers is still, “How do I evidence GDPR compliance?”  With no meaningful certification in sight, the time is now for cloud service providers to be proactive in showing how they protect customer data in accordance with GDPR.

Developing & Implementing a Data Classification Policy

Properly classifying and labeling information assets is fundamental to a successful information security program, yet many organizations fail to implement one. Without proper asset classification, the organization exposes itself to additional risk of data breaches, accidental loss/release of sensitive information, losses in efficiency or additional costs associated with securing data that may not require it (hardware-based encryption doesn’t come cheap!).

It is […]

Tracking Data Breaches & Staying Informed

The Identity Theft Resource Center (ITRC) is a nonprofit organization that focuses on educating consumers, corporations, government agencies and other organizations on best practices related to fraud and identity theft detection, reduction and mitigation.

Additionally, the organization does an excellent job of indexing and documenting data breaches as well! ITRC’s 2015 year-end report indexed 781 breaches, with each […]

Privacy: Do Customers Deserve an Independent Audit Report?

Electronics are becoming a commodity – there’s not much profit from selling cell phones or laptops anymore (unless you’re apple). So most companies are moving away from investing in hardware as their core business and shifting towards services. Services come in many shapes and sizes, but usually include consulting services, applications, or analyzing and selling customer data.

Customer data is where it becomes interesting. As […]

Deploying a HIPAA Compliant Encryption Policy

2015-08-06 16_53_39-Hipaa.jpg (JPEG Image, 950 × 500 pixels)HIPAA, or the Health Insurance Portability and Accountability Act, presents a fairly robust set of standards and rules that any organization within the United States handing PHI (Personal Health Information) are compelled by law to address.

On the surface, many of HIPAA’s rules appear strait forward, but as I […]

Data in Transit- Bridging the Gap between Data Owners and Custodians

Ensuring both the integrity and confidentiality of data as it traverses an organization’s internal network and beyond can be complex, especially when attempting to bridge the gap between the Data Owner and Data Custodian, who typically view the organization from very different angles.

This presents the IT auditor with a great opportunity to act as the liaison between Data Owners and Data […]