When it comes to protecting your organization from IT security threats and cyberattacks, your staff are one of your biggest vulnerabilities. For data protection and data privacy compliance, it is no different. On May 25, 2018, the General Data Protection Regulation (GDPR) was passed by the European Union (EU). It imposes strict data protection obligations on any organization who target and/or collect data of EU citizens.

Covered entities bound by law to follow HIPAA regulations – like healthcare providers, health plans, and others handling protected health information (PHI) – need to demonstrate efforts to secure PHI. The specific measures required to do so are detailed in the HIPAA security rule which states that covered entities must put controls into place to identify and protect against anticipated threats to the security and integrity of PHI.

Qatar is one of the wealthiest countries in the world. Finances Online, Global Finance Magazine and others consider it to be the wealthiest nation. This is because the country has a small population of under 3 million but relies on oil for the majority of its exports and Gross Domestic Product (GDP). These two factors helped to push the country’s GDP measured at purchasing power parity (PPP) to over 132,886, per Global Finance Magazine’s findings in August 2020.

As legislation goes, the GDPR could be unique in its insistence that a new professional role, the Data Protection Officer (DPO), be created to ensure its mandates are properly met. But getting a DPO in place is no simple recruitment exercise, and that’s especially true for schools. For starters, people with the requisite mix of abilities and experience to do the job in educational environments are hard to find.

During the previous weeks, we provided a thorough overview of the EU NIS Directive, focusing on the Operators of Essential Systems (OES), the Digital Service Providers (DSP) and the compliance frameworks. Our review of the EU cybersecurity policy and strategy would be incomplete without mentioning the EU Cybersecurity Act.

The Protection of Personal Information (POPI) Act puts South Africa’s data regulation standards on par with existing data protection laws around the world. It aims to protect personally identifiable information (PII), enforce individuals’ rights to privacy, and provide guidelines for lawfully processing sensitive information and notifying regulators and data holders in the event of a breach.

Compliance with the Sarbanes-Oxley Act of 2002 is a legally mandated must for all U.S. public companies and some other entities, as well. But meeting the requirements of this important law can be incredibly difficult. Preparing for a SOX compliance audit requires so much work that companies often designate entire teams full-time to the task. The law is that complex.

The General Data Protection Regulation (GDPR) has been in effect for two years in the European Union (EU). As Americans continue to become attentive to GDPR and their own data privacy, it’s not surprising that some data protection guidelines are emerging in the United States. Indeed, it’s safe to assume that California Consumer Privacy Act (CCPA) was modeled from the EUs data privacy framework.

Texas passed House Bill 8 relating to cybersecurity for state agency information resources. The bill sets mandatory practices for state agencies, institutes continuous monitoring and auditing of network systems, adds protections for student data privacy, and updates the penalties for cybercrimes.