Robert J. Johnson, CSDS, CIPP/US, CIPP/E

Why “Segregation of Duties” Should be Applied to ITAM-ITAD

June 16, 2023

Segregation of Duties (SODs), a.k.a. Separation of Duties, is the basic fiduciary mechanism that prevents an individual or department from having full custody of process integrity where there is an inherent conflict of interest or an opportunity for fraud. As the name denotes, to mitigate these potential problems, the duties related to those processes are…

What Does a DPO Do?

May 15, 2023

Faced with the requirement of retaining a Data Protection Officer (DPO), it is important to understand their role. Regulatory language describing the duties of a DPO lists the following: Monitor compliance with relevant regulations and with the company’s own policies in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and…

The Dangers of Uncontrolled Records & Old Electronics

April 21, 2023

This blog describes how squirreled-away or forgotten documents and electronic equipment 1) undermine an organization’s records retention policy, 2) constitute a security risk, 3) complicate legal discovery compliance, and 4) violate new privacy regulations. What are Uncontrolled Records and Old Electronics? The legal definition of a “business record” is any and all information recorded…

How to Mitigate the ITAD Whistleblower Challenge

April 16, 2023

A series of recent Securities and Exchange Commission (SEC) announcements point to the increasing risk of whistleblowers stemming from improper IT asset disposal (ITAD) practices. First, over the past year, the SEC has issued a number of statements and proposals indicating its intention to hold organizations (and boards) under its jurisdiction accountable for cybersecurity. At…

i-SIGMA Top Honor Renamed for NAID Founder

April 14, 2023

During a ceremony at i-SIGMA’s recent conference in Las Vegas, Nevada, President Bowman Richards announced that the association’s top honor, the “President’s Award,” would henceforth be known as “The Robert Johnson Lifetime Achievement Award.” In commenting on the name change, Richards said, “This award is meant to recognize a lifelong contribution to the advancement of…

SEC-Blackbaud Enforcement Showcases Two Emerging Trends

April 14, 2023

On March 9, 2023, the Securities and Exchange Commission (SEC) reached a $3 million settlement with Blackbaud, a client relationship management (CRM) service provider, reflecting two trends in the SEC’s enforcement actions which data controllers and data processors should watch. Trend #1: The enforcement action is the most recent in a series of SEC settlements for matters NOT being…

The SEC’s Proposed New Data Security Rules

April 6, 2023

A March 15 proposal by the Securities and Exchange Commission (SEC) to amend the Gramm-Leach-Bliley Act Safeguards Rule will require financial institutions and their data processors (i.e., secure shredders, ITADs, managed service providers, etc.) to seriously rethink and retool their data protection contracts, recordkeeping, and policies and procedures. Here’s What it Looks Like: The proposal…

P&Ps: The Common Denominator of Data Breach Findings

April 4, 2023

When regulators issue data security breach rulings, their findings most often mirror those recently described by Andrew Ceresney, Director of the SEC Enforcement Division: “_____________ failed to adopt written policies and procedures reasonably designed to protect customer data.” That sentiment, stated in one variation or another, has been included in virtually every data security breach…

How Service Providers Win When Customers’ P&Ps Are Documented

February 17, 2023

Author’s note: The following describes the benefits of client P&Ps to data disposition (shredding and ITAD) service providers. The principles and benefits listed are equally compelling for all Data Processors, such as billing and AP, medical waste, managed services, data backup, records storage, etc. Let’s start with the basics: Every customer that is covered by…

Yes! ITAD Falls Under Cybersecurity; Get Ready for What Comes Next!

February 3, 2023

The Oxford dictionary defines Cybersecurity as “the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.” Hard to argue with that; it’s succinct, clear, and broad. So, with that definition in mind, it would be hard to argue that restricting access to the hardware…
