Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Legislation

US data transfers: are they allowed?

US data transfers... are they allowed? Well. Yes. It depends....it’s complicated. Let’s get stuck in and I’ll explain all. In July this year, the EU Commission made an adequacy decision for the new EU-US Data Privacy Framework (DPF). This can be seen as Safe Harbor 3.0. Essentially, in most scenarios, data transfers from the EU to the US are now permitted without the need for other mechanisms such as Standard Contractual Clauses (SCCs).

SEC's Cybersecurity Regulations, Part III: The Relationship Between the CISO & The Board

Cybersecurity is a top risk for corporate directors to understand and navigate. The implications of cyber events for a company are many and growing: instantly damaged reputations that erode years of credibility and trust with customers and investors, impaired profitability from customer attrition and increased operating costs, lost intellectual property, fines and litigation, and harm to a company’s people and culture.

Law 25 (Quebec's Bill 64) FAQs on Data Privacy

Quebec’s Law 25, also known as Bill 64, is a comprehensive data privacy law that introduces stringent requirements for organizations handling personal information. Non-compliance can have, and likely will have severe consequences for businesses, resulting in costly fines and reputation loss, which impact businesses greatly. Protegrity’s pseudonymization solutions can help organizations simplify Law 25 compliance and avoid fines.

SOX VS SOC - Mapping the Differences

Let’s explore the critical differences between SOC and SOX compliance. In the realm of information security and financial reporting, compliance enables organizations to build trust and transparency with stakeholders. To accomplish this, companies must adhere to specific regulations and standards. SOC and SOX represent two pivotal compliance frameworks that help maintain financial reporting integrity and data security.

Navigating the SEC's New Cybersecurity Disclosure Rules: A Guide for Businesses

The landscape of cybersecurity is evolving rapidly, and with it, so are the regulations governing it. One such significant development is the Securities and Exchange Commission's (SEC) recently finalised cybersecurity disclosure rules. These new rules are poised to change how businesses handle and disclose their cyber risk management strategies.

Tackling the 2023 SEC Cybersecurity Rules

The new rules from the U.S. Securities and Exchange Commission (SEC) on reporting mark a significant shift in the requirements for disclosing cyber breaches, leaving many businesses wondering how their cybersecurity practices will be impacted in the long run. These new rules create significant new disclosure obligations for public companies, requiring timely and detailed disclosures of material cybersecurity incidents and periodic disclosures about cybersecurity risk management and governance.

SEC Cybersecurity Disclosure Rules: What You Need to Know

On July 2023, the Securities and Exchange Commission (SEC) implemented a final rule mandating public companies to furnish comprehensive and uniform disclosures pertaining to cybersecurity risk management, strategy, governance, and incidents. We’re going to discuss SEC Cybersecurity Disclosure Rules and What You Need to Know.

Navigating the Complex AI Regulatory Landscape - Transparency, Data, and Ethics

Ahead of the upcoming AI Safety Summit to be held at the UK’s famous Bletchley Park in November, I wanted to outline three areas that I would like to see the summit address, to help simplify the complex AI regulatory landscape. When we start any conversation about the risks and potential use cases for an artificial intelligence (AI) or machine learning (ML) technology, we must be able to answer three key questions.

Meeting the Third-Party Requirements of the Essential Eight

Today’s rapidly evolving digital world requires organizations to build a robust cybersecurity plan to safeguard internal infrastructures and oversee third-party vendors' cyber health. The Essential 8 is a cybersecurity framework developed by the Australian Signals Directorate designed to help organizations protect themselves against different cyber risks.