Policies

A view looking over the shoulder of a person working at a laptop and holding a cup of coffee. The screen on the laptop has the word TRENDS in large white letters on a red background.

SEC-Blackbaud Enforcement Showcases Two Emerging Trends

April 14, 2023
Posted in

On March 9, 2023, the Securities and Exchange Commission (SEC) reached a $3 million settlement with Blackbaud–a client relationship management (CRM) service provider–reflecting two trends in SEC’s enforcements which data controllers and data processors should watch. Trend #1: The enforcement action is the most recent in a series of SEC settlements for matters NOT being…

Read More
Judge using a gavel at a desk

P&Ps: The Common Denominator of Data Breach Findings

April 4, 2023
Posted in

When regulators issue data security breach rulings, their findings most often mirror those recently described by Andrew Ceresney, Director of the SEC Enforcement Division: “_____________ failed to adopt written policies and procedures reasonably designed to protect customer data.” That sentiment, stated in one variation or another, has been included in virtually every data security breach…

Read More
Shield Icon in Computer Data

How Service Providers Win When Customers’ P&Ps Are Documented

February 17, 2023
Posted in

Author’s note: The following describes the benefits of client P&Ps to data disposition (shredding and ITAD) service providers. The principles and benefits listed are equally compelling for all Data Processors, such as billing and AP, medical waste, managed services, data backup, records storage, etc. Let’s start with the basics: Every customer that is covered by…

Read More
A blue digital illustration of the globe

Why a Global Approach to Data Protection Compliance is a “Best Practice”

January 20, 2023
Posted in

Instead of creating data protection requirements that apply to organizations operating within a specific border, the new generation of data protection regulations sweeping the globe apply to the citizens of that region. And, though this difference is subtle and even a little impractical, it means Data Controllers and Data Processors have to think differently about…

Read More