Compliance
Organizations rely on a number of different Data Processors for things like record storage, secure shredding, computer recycling, and a long list of other services that require sharing access to regulated personal information. And, though it doesn’t replace the requisite vendor selection due diligence evaluation, assessing their compliance acumen can help determine the service provider’s…
Yesterday’s SEC release alleging that software developer SolarWinds Corp. and its Chief Information Security Officer (CISO) T. Brown misled investors about known cybersecurity risks and vulnerabilities is yet another in a series of Commission actions regarding cybersecurity that should be setting off alarms for CISOs, CIOs, and the boards at all publicly traded companies and…
Faced with the requirement of retaining a Data Protection Officer (DPO), it is important to understand their role. Regulatory language describing the duties of a DPO lists the following: Monitor compliance with relevant regulations and with the company’s own policies in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and…
Author’s note: The following describes the benefits of client P&Ps to data disposition (shredding and ITAD) service providers. The principles and benefits listed are equally compelling for all Data Processors, such as billing and AP, medical waste, managed services, data backup, records storage, etc. Let’s start with the basics: Every customer that is covered by…
The Oxford dictionary defines Cybersecurity as “the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.” Hard to argue with that; it’s succinct, clear, and broad. So, with that definition in mind, it would be hard to argue that restricting access to the hardware…
Instead of creating data protection requirements that apply to organizations operating within a specific border, the new generation of data protection regulations sweeping the globe apply to the citizens of that region. And, though this difference is subtle and even a little impractical, it means Data Controllers and Data Processors have to think differently about…