SEC

Businessman hands typing on laptop with triangular malware caution warning sign.

Flawed ITAM: Known Cyber Security Risks Spell Trouble for CISOs and Boards

October 31, 2023
Posted in

Yesterday’s SEC release alleging that software developer SolarWinds Corp. and its Chief Information Security Officer (CISO) T. Brown misled investors about known cybersecurity risks and vulnerabilities is yet another in a series of Commission actions regarding cybersecurity that should be setting off alarms for CISOs, CIOs, and the boards at all publicly traded companies and…

Read More
A closeup image of a person's hands holding a pen and signing a document. A lock icon floats in the foreground.

Data Controller/Data Processor Contracts #2:
Regulatory Alignment

August 17, 2023
Posted in

This is the second blog in an ongoing series examining the often-overlooked nuances of data controller/data processor contracts. Regulatory alignment is one of the primary reasons regulations require contracts between data controllers and data processors. And, yet, despite its primacy, many contracts make the mistake of establishing this linkage with an overly simplistic clause stating…

Read More
White legal icons on a colored background

Why “Segregation of Duties” Should be Applied to ITAM-ITAD

June 16, 2023
Posted in

Segregation of Duties (SODs), a.k.a. Separation of Duties, is the basic fiduciary mechanism that prevents an individual or department from having full custody of process integrity where there is an inherent conflict of interest or an opportunity for fraud. As the name denotes, to mitigate these potential problems, the duties related to those processes are…

Read More
Yellow background with the silhouette of someone blowing a whistle.

How to Mitigate the ITAD Whistleblower Challenge

April 16, 2023
Posted in

A series of recent Security and Exchange Commission (SEC) announcements point to the increasing risk of whistleblowers stemming from improper IT asset disposal (ITAD) practices. First, over the past year, the SEC has issued a number of statements and proposals indicating its intentions to hold organizations (and boards) under its jurisdiction accountable for cybersecurity. At…

Read More
A view looking over the shoulder of a person working at a laptop and holding a cup of coffee. The screen on the laptop has the word TRENDS in large white letters on a red background.

SEC-Blackbaud Enforcement Showcases Two Emerging Trends

April 14, 2023
Posted in

On March 9, 2023, the Securities and Exchange Commission (SEC) reached a $3 million settlement with Blackbaud–a client relationship management (CRM) service provider–reflecting two trends in SEC’s enforcements which data controllers and data processors should watch. Trend #1: The enforcement action is the most recent in a series of SEC settlements for matters NOT being…

Read More
U.S. Securities and Exchange Commission Logo with data and legal icons

The SEC’s Proposed New Data Security Rules

April 6, 2023
Posted in

A March 15 proposal by the Security and Exchange Commission (SEC) to amend the Gramm-Leach-Bliley Act Safeguard’s Rule will require financial institutions and their data processors (i.e., secure shredders, ITADs, managed service providers, etc.) to seriously rethink and retool their data protection contracts, recordkeeping, and policies and procedures. Here’s What it Looks Like The proposal…

Read More
Keyboard Privacy Icons

Yes! ITAD Falls Under Cybersecurity; Get Ready for What Comes Next!

February 3, 2023
Posted in

The Oxford dictionary defines Cybersecurity as “the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.” Hard to argue with that; it’s succinct, clear, and broad. So, with that definition in mind, it would be hard to argue that restricting access to the hardware…

Read More