Senate Bill 1121, more commonly known as the California Consumer Privacy Act (CCPA) was passed on September 23, 2018, and becomes effective on January 1, 2020. Already being compared to the European Union’s General Data Protection Regulation (GDPR), the new law focuses on privacy rights and encompasses both consumer protection and data protection. Thus, organizations need to know how to secure and protect information to meet the CCPA’s regulatory requirements.

The time-consuming, administratively burdensome compliance process is riddled with potential human errors that can lead to violations. As securing data increasingly relies on proving controls’ effectiveness, the compliance becomes more stressful for everyone in the organization. However, building compliance workflow can streamline the process leading to a more cost effect and auditable outcome.

Governance, risk, and compliance (GRC) have become buzzwords in cybersecurity. As governments and industry standards organizations respond to the data breach landscape by creating new compliance requirements, governance has become fundamental to creating an effective risk management program. Auditing governance requires organizations to communicate with internal and external stakeholders.

Cyber risk management for the retail industry increases in complexity on an almost daily basis. Using Software-as-a-Service (SaaS) tools eases business operations by streamlining payment processing and inventory management. However, since automated tools connect to the internet, they add new risks that retailers need to mitigate.

Like deck building tabletop games, enterprise risk management (ERM) frameworks offer different strategies for determining risk and how to mitigate those risks.

Being a compliance manager can sound tedious to a lot of people. When people think about compliance, they often think in terms of checking boxes on audit forms. However, compliance management is more like putting together a puzzle without having the cover picture. Compliance issues come from a variety of regulations and industry standards, often overlapping while sometimes being disconnected.

As data breach threats increase, governments and industry standards organizations seek to force organizations into maintaining better data security controls. Thus, creating an effective compliance program has become a business operations imperative rather than a series of “best practices.”