General

The word VENDOR is shown in red letters through a magnifying glass.

What Business Services are Data Processors, and Why Does It Matter?

April 15, 2024
Posted in

This entry is intended to help both novice and veteran data protection professional appreciate the number and types of service providers subject to the compliance requirements of privacy regulations. As far back as the mid 1990s, regulations have reflected the fact that data-related vendors, a.k.a., data processors, are critical to data controllers’ ability to protect…

Read More
White legal icons on a colored background

Why “Segregation of Duties” Should be Applied to ITAM-ITAD

June 16, 2023
Posted in

Segregation of Duties (SODs), a.k.a. Separation of Duties, is the basic fiduciary mechanism that prevents an individual or department from having full custody of process integrity where there is an inherent conflict of interest or an opportunity for fraud. As the name denotes, to mitigate these potential problems, the duties related to those processes are…

Read More
A graphic image displaying a grey icon of the head and chest area of a human that also includes a lock icon in the head area, along with many blue nodes surrounding the icon.

What Does a DPO Do?

May 15, 2023
Posted in

Faced with the requirement of retaining a Data Protection Officer (DPO), it is important to understand their role. Regulatory language describing the duties of a DPO list the following: Monitor compliance with relevant regulations and with the company’s own policies in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and…

Read More
Closeup photo of a stack of papers, some with pink or yellow sticky notes

The Dangers of Uncontrolled Records & Old Electronics

April 21, 2023
Posted in

This blog describes how squirreled-away or forgotten documents and electronic equipment 1) undermine an organization’s records retention policy, 2) constitute a security risk, 3) complicate legal discovery compliance, and 4) violate new privacy regulations. __________ What are Uncontrolled Records and Old Electronics? The legal definition of a “business record” is any and all information recorded…

Read More
U.S. Securities and Exchange Commission Logo with data and legal icons

The SEC’s Proposed New Data Security Rules

April 6, 2023
Posted in

A March 15 proposal by the Security and Exchange Commission (SEC) to amend the Gramm-Leach-Bliley Act Safeguard’s Rule will require financial institutions and their data processors (i.e., secure shredders, ITADs, managed service providers, etc.) to seriously rethink and retool their data protection contracts, recordkeeping, and policies and procedures. Here’s What it Looks Like The proposal…

Read More
Keyboard Privacy Icons

Yes! ITAD Falls Under Cybersecurity; Get Ready for What Comes Next!

February 3, 2023
Posted in

The Oxford dictionary defines Cybersecurity as “the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.” Hard to argue with that; it’s succinct, clear, and broad. So, with that definition in mind, it would be hard to argue that restricting access to the hardware…

Read More
Privata Vox Icon

What is Privata Vox®?

January 6, 2023
Posted in

As some readers know, I recently stepped down from my position as CEO of i-SIGMA. There was no intrigue or surprise behind my decision. The fact was simply that, after 27 years at the helm of NAID/i-SIGMA, recognition of the need for data destruction and for service provider qualifications had been largely achieved. i-SIGMA’s mission…

Read More