Privacy, CCPA

Biometric Privacy in the Workplace – What You Need to Know

The complex legal landscape surrounding privacy, including biometrics, continues to evolve at the state level. Arduous legislation has led to lengthy privacy policies across the internet. Based on a study conducted by former chief technologist for the U.S. Federal Trade

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program, Privacy, Red Teaming

Why You Should Hire a Virtual Data Protection Officer (vDPO) Now

The Data Protection Officer (DPO) is a role required by the EU General Data Protection Regulation (GDPR). If your organization is subject to GDPR and meets the large-scale data handling factors, you need a DPO. What can you do if you don't have an

Read More

Privacy, CPRA

CPRA - Update on Stakeholder Sessions May 4-6, 2022

The California Privacy Rights Act (CPRA) evolution continues with lively public debate in May, where much of the focus is on data collection and automated decision-making. In addition, the California Privacy Protection Agency (CPPA) held

Read More

Privacy, GDPR, CPRA

CPRA Update May 2022

The California Privacy Protection Agency (CPPA) is holding pre-rulemaking stakeholder sessions via zoom this week Wed May 4 –6. The sessions are open to the public, and you can find full details on the CPPA website. Please read on for an overview of

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program, Privacy, Red Teaming

The Seven Essential Qualities of a vCISO

Not every business can internally support the staffing and resources necessary to independently develop robust cybersecurity and privacy programs. Fortunately, you can partially or fully outsource to trusted partners the jobs of CISO and IT security

Read More

Privacy, CPRA

CPPA Reduces the CPRA Implementation Window for New Privacy Laws

During a public board meeting on February 17, 2022, the California Privacy Protection Agency (CPPA) indicated it would likely miss the July 1, 2022 deadline for the finalized draft of the CPRA. The delay is due to more time and resources required to

Read More

Security Program, Privacy

The Seven Regions of Cyber-Governance

Privacy, cybersecurity, and Compliance are distinct practices with distinct goals. The three disciplines work together to build trust and confidence in your data management system in best-case scenarios.

Read More

HIPAA, Privacy, CCPA, GDPR

Data Privacy Tools in 2022

Three Types of Data Privacy Tools for 2022 Organizations are under extreme pressure to mitigate emerging risks and keep pace with changing regulatory requirements. The frantic pace of new privacy laws layered onto the increasing complexity of modern

Read More

HIPAA, Privacy, CCPA, GDPR

EU Privacy - New GDPR Data Transfer Tools

New EU data privacy laws impact companies in 2022.  In June 2021, the European Commission adopted a new set of standard contractual clauses (SCCs) for the transfer of personal data outside of EU countries such as the United States. Businesses have

Read More

Security Program, Privacy

Apache Log4j Vulnerabilities vs. Cybersecurity Risk Management

Apache Log4j Vulnerabilities vs. GRC  On December 10, Apache released details about a Log4j-core vulnerability nicknamed "Log4Shell". It is documented in CVE-2021-44228, and rated a rare 10 out of 10 on the CVSS vulnerability rating

Read More