General
The number of high-profile corporations committing to a global approach to data protection and privacy compliance is staggering. It might be easier to find one that isn’t. A partial list includes Airbnb, Adobe, Amazon, American Express, Apple, AT&T, Boeing, Chevron, Citibank, Cisco, Coca-Cola, Dell Technologies, Dropbox, eBay, ExxonMobil, Ford, General Motors, Goldman Sachs, Alphabet, HP…
Read MoreThis entry explains how combining a non-disclosure agreement (NDA) with a strong information protection policy is now the best way to prevent former employees from sharing competition-sensitive information. And, while others have pointed to NDAs as an alternative, they fail to identify the critical importance information protection policies play in this strategy. Most current employees…
Read MoreThis entry is intended to help both novice and veteran data protection professional appreciate the number and types of service providers subject to the compliance requirements of privacy regulations. As far back as the mid 1990s, regulations have reflected the fact that data-related vendors, a.k.a., data processors, are critical to data controllers’ ability to protect…
Read MoreSegregation of Duties (SODs), a.k.a. Separation of Duties, is the basic fiduciary mechanism that prevents an individual or department from having full custody of process integrity where there is an inherent conflict of interest or an opportunity for fraud. As the name denotes, to mitigate these potential problems, the duties related to those processes are…
Read MoreFaced with the requirement of retaining a Data Protection Officer (DPO), it is important to understand their role. Regulatory language describing the duties of a DPO list the following: Monitor compliance with relevant regulations and with the company’s own policies in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and…
Read MoreThis blog describes how squirreled-away or forgotten documents and electronic equipment 1) undermine an organization’s records retention policy, 2) constitute a security risk, 3) complicate legal discovery compliance, and 4) violate new privacy regulations. __________ What are Uncontrolled Records and Old Electronics? The legal definition of a “business record” is any and all information recorded…
Read MoreA March 15 proposal by the Security and Exchange Commission (SEC) to amend the Gramm-Leach-Bliley Act Safeguard’s Rule will require financial institutions and their data processors (i.e., secure shredders, ITADs, managed service providers, etc.) to seriously rethink and retool their data protection contracts, recordkeeping, and policies and procedures. Here’s What it Looks Like The proposal…
Read MoreThe Oxford dictionary defines Cybersecurity as “the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.” Hard to argue with that; it’s succinct, clear, and broad. So, with that definition in mind, it would be hard to argue that restricting access to the hardware…
Read MoreAs some readers know, I recently stepped down from my position as CEO of i-SIGMA. There was no intrigue or surprise behind my decision. The fact was simply that, after 27 years at the helm of NAID/i-SIGMA, recognition of the need for data destruction and for service provider qualifications had been largely achieved. i-SIGMA’s mission…
Read More