New Bill Could Force U.S. Businesses to Report Data Breaches Quicker

A bipartisan Senate bill would require some businesses to report data breaches to law enforcement within 24 hours or face financial penalties and the loss of government contracts. The legislation from Senate Intelligence Chair and Democratic Senator Mark Warner with Republican Senators Marco Rubio and Susan Collins is just one of several new cybersecurity bills that will likely be debated this year. If passed, the bill could require certain U.S.


How to be Compliant with Biden's Cybersecurity Executive Order

In an ambitious leap towards improving the Nation’s security posture, President Joe Biden has instituted an Executive Order to improve cyber threat information sharing between the U.S Government and the Private Sector. The goal is to align cybersecurity initiatives and minimize future threats to national security by modernizing cybersecurity defenses in the United States.


Are U.S. Companies Affected by the GDPR?

The European Union’s General Data Protection Regulation applies to any organization that operates in the EU or that collects or processes the personal data of EU citizens. So if a business in the United States (or anywhere else in the world, for that matter) does handle such data — yes, the GDPR can apply to you. That said, the exact compliance requirements will vary depending on the size of your company and how you process and store the applicable data.


Privacy Laws Comparison: Russia vs. China vs. USA

The data privacy regimes in Russia, China, and the United States are very different from the regimes elsewhere. The financial lure of selling to, or processing data on, EU residents is strong, which has led other countries to adopt the General Data Protection Regulation (GDPR) or something like it. Russia, China, and the United States are large enough for other forces to dominate, including the desire to have their citizens’ data stored locally, as we’ll see.


Are you GDPR 'data controller' or 'data processor'? Why is it important?

The responsibility for compliance with GDPR privacy laws, and the consequences of non-compliance can vary greatly from one organization to another. Often it is not clear who is responsible for data protection – whether or not they are a “data controller” or “data processor” – but here are some guidelines in order to help you determine which category your company falls into so as to best take necessary precautions against breaches or other potential illegalities.


Data privacy laws drive urgency to create a data security strategy

With the introduction of more data privacy laws, companies can use a data security strategy and framework to help them achieve better compliance. This is the second post in a data protection blog series that addresses how organizations can better protect their sensitive data. This blog post addresses data privacy laws, frameworks, and how organizations can create their own data security strategies and frameworks to achieve compliance with today’s data privacy laws and standards.


The European Commission's new SCCs for data transfers

The GDPR recently marked its three-year anniversary, but one aspect of compliance for many companies is much older. Standard contractual clauses (SCCs), the mechanisms that most international organizations used to legally transfer data between the European Economic Area (EEA) and third party countries—like the US—are over a decade old. For organizations moving data in and out of the EEA, the last few years have been complicated.


How to Comply with CPS 234 (updated for 2021)

Prudential Standard CPS 234 Information Security (CPS 234) is an APRA prudential standard. Australian Prudential Regulation Authority’s (APRA) mission is to establish and enforce prudential standards designed to ensure that, under all reasonable circumstances, financial promises made by its regulated entities are met within a stable, efficient, and competitive financial services sector.