Robert J. Johnson, CSDS, CIPP/US
When regulators issue data security breach rulings, their findings most often mirror those recently described by Andrew Ceresney, Director of the SEC Enforcement Division: “_____________ failed to adopt written policies and procedures reasonably designed to protect customer data.” That sentiment, stated in one variation or another, has been included in virtually every data security breach…
Read More
Author’s note: The following describes the benefits of client P&Ps to data disposition (shredding and ITAD) service providers. The principles and benefits listed are equally compelling for all Data Processors, such as billing and AP, medical waste, managed services, data backup, records storage, etc. Let’s start with the basics: Every customer that is covered by…
Read More
The Oxford dictionary defines Cybersecurity as “the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.” Hard to argue with that; it’s succinct, clear, and broad. So, with that definition in mind, it would be hard to argue that restricting access to the hardware…
Read More
Instead of creating data protection requirements that apply to organizations operating within a specific border, the new generation of data protection regulations sweeping the globe apply to the citizens of that region. And, though this difference is subtle and even a little impractical, it means Data Controllers and Data Processors have to think differently about…
Read More
As some readers know, I recently stepped down from my position as CEO of i-SIGMA. There was no intrigue or surprise behind my decision. The fact was simply that, after 27 years at the helm of NAID/i-SIGMA, recognition of the need for data destruction and for service provider qualifications had been largely achieved. i-SIGMA’s mission…
Read More- « Previous
- 1
- 2