Create a Culture of Security to Protect Personal Information

The Gramm-Leach-Bliley Act.
The Fair Credit Reporting Act.
The Federal Trade Commission Act.

What do they have in common with numerous state data breach notification laws? They require companies to take “reasonable” security measures to protect sensitive information. But what does that mean? What is reasonable?

If your company


2017 State Data Breach Notification Law Update

It’s time to update your State Breach Notification charts. As of 2017, 48 states have data breach notification laws. Welcome to the fold, New Mexico. (In case you were wondering, Alabama and South Dakota are the two states without data breach notification laws.)

Why so many changes? State data breach


A Data Breach is a Great Way to Lose Customers!

Companies suffer many types of damages after experiencing a data breach – monetary, legal and reputational, to name a few. Monetary and legal damages can be quantified and somewhat predicted based on history. Damage to a company’s reputation is, on the other hand, more difficult to quantify because it’s based


Another Incentive-Based Data Security Legislation Emerges

Developing and maintaining a robust cybersecurity program is an investment. Recently, numerous state legislatures have proposed a return on that investment in the form of statutory incentives for organizations that maintain certain safeguards for protecting sensitive information. Importantly, these statutory incentives give yet another reason to persuade management that your


Danger! Holidays and Phishing Scams Dead Ahead!

On Cyber Monday 2016, consumers made e-commerce history by spending more than $3.4 billion online. It’s easy to see why. Retailers bombard shoppers from all angles – email, in-app alerts, and text messages. While the deals may be real, hackers prey on the innocents’ quest for bargains, and their


Federal Government Provides Guidance on Mobile Devices and Protected Health Information (PHI)

The October newsletter (Newsletter) from the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) focused on protecting PHI when using mobile devices like smartphones and tablets. The Newsletter reminds entities regulated by HIPAA that mobile devices must be included in their enterprise-wide risk analysis and
