Compliance, Education and Exercises - Information Management Today

CPPA Board Holds Meeting on Revised Draft Regulations for Risk Assessment and Automated Decisionmaking Technology

Hunton Privacy

MARCH 15, 2024

Submission Requirements Still require the proactive submission of risk assessment materials, including a certification of compliance, risk assessments in abridged form and optionally risk assessments in unabridged form, to the CPPA on an annual basis. Streamline what must be included in an abridged risk assessment.

Risk

Risk Artificial Intelligence Compliance Privacy

Microsoft 365 SharePoint Records Management Training Course on May 15th 9am-1pm CST via ARMA International

IG Guru

MAY 3, 2023

This four-day interactive program is designed by records managers for records managers, giving you an overview of Microsoft's compliance features from a standards perspective, how to assess information risk, and hands-on experience with practical exercises. Book now for their next session starting May 15th, 9 AM-1 PM

Records Management

Records Management Compliance Risk Education

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

Among the organizations that have designated a DPO, the most represented sectors are, unsurprisingly, the public administration, education and health sectors. The DPO is responsible for the monitoring of the organization’s compliance with the GDPR. The Guide is composed of four main Parts : I. Provide information and advice.

GDPR

GDPR Compliance Personal data Communications

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Biden-Harris Administration Announces New Actions to Promote Responsible Artificial Intelligence Innovation

Hunton Privacy

MAY 12, 2023

In addition, the new Institutes announced they will advance AI R&D to drive breakthroughs in critical areas, including climate, agriculture, energy, public health, education and cybersecurity. Public assessments of existing generative AI systems.

Artificial Intelligence

Artificial Intelligence Agriculture Cybersecurity Risk

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Data Matters

APRIL 6, 2022

Importance of Compliance Programs. 5 Priorities include risks associated with firms’ use of emerging financial technologies and whether their compliance programs consider and address those risks; firms offerings new products and services or employing new practices (e.g.,

Retail

Retail Compliance Sales Risk

Texas enacts comprehensive privacy law

Data Protection Report

JUNE 21, 2023

The new law has exclusions for Gramm-Leach-Bliley-covered financial institutions, HIPAA-covered covered entities and business associates, non-profits, institutes of higher education, and electric utilities, power generation companies, and retail electric providers. A similar requirement applies with respect to the sale of biometric data.

Privacy

Privacy Personal data Sales Retail

Tips for Gamifying Your Cybersecurity Awareness Training Program

Security Affairs

NOVEMBER 29, 2022

In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. It is important when developing and implementing these programs to be aware of what methods of education work best. Team Exercises. In service of that end, gamification is a highly effective tactic.

Cybersecurity

Cybersecurity Data breaches Education Phishing

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

Also read: Security Compliance & Data Privacy Regulations. See the top Governance, Risk & Compliance (GRC) tools. None of the proposals implement any specific requirements for a level of expertise, metrics to hit, tools to implement, or standards for compliance. Compliance through consequences.

Cybersecurity

Cybersecurity Compliance Risk Communications

How to create a cyber incident response plan when you have a hybrid workforce

IT Governance

SEPTEMBER 8, 2021

Educate employees on their responsibilities. So how should organisations approach employee education? As such, “conducting tabletop and disaster recovery exercises with everyone remote may be an adaptation, but it isn’t an insurmountable one”. Looking for more advice?

Communications

Communications Risk Education Compliance

BELGIUM: Belgian DPA reveals its strategy for the next 5 years.

DLA Piper Privacy Matters

FEBRUARY 11, 2020

The DPA will be especially focussing on enhancing GDPR compliance in the following industry sectors: Telecom and media sector , due to the large amount of data they process. The DPA lists three topics of high social significance and wishes to ensure compliance by data controllers and processors. 5 INDUSTRY SECTORS ON THE RADAR SCREEN.

IT

IT GDPR Compliance Personal data

What are the Data Subject Rights under the GDPR?

IT Governance

JUNE 15, 2018

Even though the EU General Data Protection Regulation (GDPR) is now in effect, many organisations are still working towards compliance. Organisations must let individuals know how they can exercise these rights, and meet requests promptly. One of the most important steps is to educate employees on how to comply with requests lawfully.

GDPR

GDPR Personal data Compliance Access

The Copyright Card Game

CILIP

NOVEMBER 12, 2018

Copyright the Card Game is an open educational game resource designed to train educators and information / e-learning professionals in HE and other educational institutions in UK copyright law. The resource reflects the important changes to educational copyright exceptions in 2014. Copyright the Card Game ? Instructions.

Education

Education Risk Paper Compliance

Understanding HIPAA: A Guide to Avoiding Common Violations

Armstrong Archives

AUGUST 25, 2023

In this article, we’ll talk more about the HIPAA, the importance of compliance, some common HIPAA violations, and more! Some of the data that it covers are: Electronic health records Billing details Health insurance information The Importance of Compliance There are severe consequences to not abiding by the HIPAA rules.

Computer and Electronics

Computer and Electronics Insurance Compliance Risk

Less than two months to go until DSP Toolkit submission deadline

IT Governance

FEBRUARY 19, 2019

Less than two months remain for healthcare organisations to demonstrate compliance with NHS Digital’s DSP (Data Security and Protection) Toolkit. Staff awareness has been added as a requirement of the DSP Toolkit to tackle the risks that poor education around data handling poses to healthcare organisations. Demonstrating compliance.

GDPR

GDPR Compliance Government Information Security

How to implement data governance

Collibra

NOVEMBER 20, 2020

Establish communications, and deliver education to consumers to find, utilize, and trust data. If you need a cost justification exercise, it should be done outside of the strategy so as not to delay the development of the strategy. Detailed process definition and technology education should be a roadmap step.

Government

Government Education Communications Metadata

PIPL: A Game Changer for Companies in China

Data Protection Report

AUGUST 24, 2021

It will add another layer of complexity with respect to compliance with China’s security and data laws and regulations. the methods and procedures for exercising the rights provided in the PIPL with the overseas recipient. The PIPL is a game changer for any company with data or business in China.

GDPR

GDPR Compliance Analytics Education

US: Virginia passes comprehensive consumer data protection law

DLA Piper Privacy Matters

MARCH 18, 2021

The VCDPA does not apply to the following types of entities: Virginia state agencies; financial institutions or data subject to Title V of GLBA; covered entities or business associates governed by HHS’s HIPAA and HITECH rules; nonprofits; or higher education institutions. Key provisions. business-to-business) or employment context.

Personal data

Personal data Sales GDPR Privacy

Ways to Develop a Cybersecurity Training Program for Employees

Security Affairs

APRIL 15, 2022

When delivering cybersecurity training, stress the importance of the training as an exercise that can also be applied elsewhere. It’s crucial to educate employees regarding existing and upcoming data protection laws and how they impact the business. Incentivize the Security Training.

Cybersecurity

Cybersecurity Data Privacy Data breaches Privacy

How to prepare for the California Consumer Privacy Act

Thales Cloud Protection & Licensing

AUGUST 15, 2019

Also, entities under the CCPA must post a “Do Not Sell My Personal Information” link on their websites allowing consumers to easily exercise their right of opting-out. (4) 5) The right of Californians to equal service and price, even if they exercise their privacy rights. Personal Information excluded by the CCPA.

Privacy

Privacy GDPR Digital transformation Sales

If You’re a Cloud Provider or Consumer, Consider These Guidelines on How to Conduct Yourself in Europe: eDiscovery Best Practices

eDiscovery Daily

NOVEMBER 26, 2017

While we were preparing to eat turkey and stuff ourselves with various goodies last week, the Cloud Security Alliance (CSA) provided an important guideline for compliance with the European Union General Data Protection Regulation (GDPR). With the introduction of GDPR, data protection compliance becomes increasingly risk-based.

Cloud

Cloud GDPR Personal data Compliance

5 learnings from the “Meeting the CCPA Challenge” webinar

Collibra

MARCH 12, 2020

Businesses cannot discriminate against a consumer for exercising their rights. Consumers must submit a VCR to exercise their rights and business must respond within 45 days. 3) Data privacy compliance is interdisciplinary. Data privacy compliance requires collaboration across the whole organization. Notice to consumer.

Data Privacy

Data Privacy Privacy Government Compliance

Does your use of CCTV comply with the GDPR?

IT Governance

OCTOBER 3, 2019

You must tell people when you’re collecting their personal information to give them the opportunity to exercise their data subject rights. Compliance with a legal obligation : when processing data for a particular purpose is a legal requirement. The penalties for non-compliance. Make sure people know they’re being recorded.

GDPR

GDPR Privacy Retail Personal data

Insider Trading Charges Brought Against CIO for Post-Breach Trading

Hunton Privacy

MARCH 14, 2018

According to prosecutors, the CIO exercised options and sold his shares after he learned of a cybersecurity breach and before that breach was publicly announced. Equifax has indicated that approximately 147.9 million consumers had personal information that was compromised.

Cybersecurity

Cybersecurity Data breaches Sales Education

FTC Reminds Companies of Impending COPPA Deadline

Hunton Privacy

MAY 15, 2013

On May 15, 2013, the Federal Trade Commission announced that it sent educational letters to over 90 businesses that appear to collect personal information from children under the age of 13, reminding them of the impending July 1 deadline for compliance with the updated Children’s Online Privacy Protection Rule (the “Rule”).

Compliance

Compliance Privacy Education IT

CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

KnowBe4

APRIL 4, 2023

The voices of third sector representatives (NGOs, foundations, and educational institutions) are considered by government officials when justifying policy positions and determining how resources and political capital are spent. Education about cybersecurity needs to start early," Karabin says. Erika has been a pleasure to work with.

Phishing

Phishing Security awareness Cybersecurity Education

Expert Insight: Cliff Martin

IT Governance

NOVEMBER 28, 2023

Before that, he taught computer systems and network technologies in further and higher education. For more details on the first core requirement, risk management, see our interview with Andrew Pattison, head of GRC [governance, risk and compliance] consultancy Europe, from two weeks ago. What is your view on DORA as a whole?

Risk

Risk Compliance Government Security

5 things HR departments need to know about data protection

IT Governance

OCTOBER 7, 2019

HR plays a crucial role in an organisation’s GDPR (General Data Protection Regulation) compliance. Compliance with a legal obligation : when processing data for a particular purpose is a legal requirement. The department is full of personal data, whether it’s of employees, their next of kin or candidates responding to job adverts.

GDPR

GDPR Personal data Compliance Communications

Hello. Goodbye… Goodbye. Hello

ARMA International

JULY 17, 2023

So, caution should be exercised. It would be great if the whole exercise could be completed in a few days, but in reality, it can take several weeks — if not months — to track down dispersed data, evaluate it, decide on its fate, and enact that fate. Next, consideration must be given to how and when materials will be transferred.

Information governance

Information governance Government Risk IT

Attacks Targeting Oil and Gas Sector Renew Questions About Cybersecurity

Hunton Privacy

APRIL 17, 2018

This is not the case with oil and gas pipelines, where cybersecurity regulations may actually divert resources from actual operational security and toward pure compliance. There are, of course, steps that oil and gas companies can take beyond regulatory compliance to mitigate risk of cyber attack. pipeline network.

Cybersecurity

Cybersecurity Risk Compliance Security

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

And, the cost of compliance is on the rise. A recent Financial Post article notes, “…analysts say that much of the hiring in the financial institutions sector has been on the risk management and compliance side. Finance service providers. The standard for reasonable care may have been raised a bit in the U.S.

IT

IT Security Digital transformation Compliance

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

education information. In addition, the business must ensure that all individuals responsible for handling requests and compliance with AB 375 are educated about relevant aspects of the bill and how to direct consumers to exercise their rights under these sections. biometric information. geolocation data.

GDPR

GDPR Privacy Sales Data breaches

What is a Managed Security Service Provider? MSSPs Explained

eSecurity Planet

AUGUST 22, 2023

Expanding compliance requirements and the growing number of regulations make it increasingly difficult for organizations to keep up. Employee training and education services help to prepare employees for potential types of attacks, how to avoid becoming victims, and how to properly report incidents to security teams.

Security

Security Cybersecurity Cloud Access

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

The GDPR was designed to harmonize data protection laws across Europe and to protect EU residents’ data privacy rights; and, its coming triggered significant privacy and data protection compliance activities amongst organizations doing business in the EU and working with the personal data of EU residents. Non-Compliance.

Personal data

Personal data GDPR Data Privacy Privacy

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

education information. In addition, the business must ensure that all individuals responsible for handling requests and compliance with AB 375 are educated about relevant aspects of the bill and how to direct consumers to exercise their rights under these sections. biometric information. geolocation data.

GDPR

GDPR Privacy Sales Data breaches

7 Best Email Security Software & Tools in 2023

eSecurity Planet

OCTOBER 6, 2023

Conducts phishing simulation exercises and offers training to educate staff on email security best practices, lowering the chance of becoming a victim of phishing attempts. Enforces email content restrictions to guarantee regulatory compliance and safeguard against data breaches. Provides comprehensive email security features.

Security

Security Phishing Compliance Cybersecurity

eDiscovery and the GDPR: Ready or Not, Here it Comes, Part Four: eDiscovery Best Practices

eDiscovery Daily

DECEMBER 10, 2017

Prepare for Data Subjects Exercising Their Rights: These include the right to data portability and the right to be informed as well as the right to be forgotten. Ensure compliance policies and procedures meet GDPR standards. And then, companies should continue by taking the following steps: Build a data map.

GDPR

GDPR e-Discovery IT Compliance

Article 29 Working Party Issues Joint Statement on European Values and Actions for an Ethical European Data Protection Framework

Hunton Privacy

DECEMBER 10, 2014

It defines the essential principles to be included in this framework, as well as key actions that all relevant stakeholders must undertake when ensuring compliance with EU data protection law. According to the Joint Statement, the storage of the relevant data on EU territory is an effective way to facilitate the exercise of such control.

Personal data

Personal data Compliance Privacy Education

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 9, 2018

This page will enable consumers to exercise the right to opt-out of the sale of their personal information. Businesses will be prohibited from discriminating against any consumer for exercising their rights under the new law. Anti-Discrimination Provisions. As can be seen in SB-1121, amendments are only just beginning to trickle in.

Privacy

Privacy Sales Education Compliance

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

This page will enable consumers to exercise the right to opt-out of the sale of their personal information. Businesses will be prohibited from discriminating against any consumer for exercising their rights under the new law. Anti-Discrimination Provisions. As can be seen in SB-1121, amendments are only just beginning to trickle in.

Privacy

Privacy Sales Compliance Cybersecurity

How to Prevent Malware: 15 Best Practices for Malware Prevention

eSecurity Planet

OCTOBER 24, 2023

Exercise Caution with Emails The first two items on this list could be lumped together with a single warning: Don’t click. Watch File Extensions: Exercise caution with file extensions; avoid files with suspicious extensions like.exe or.bat, especially from unfamiliar sources.

Passwords

Passwords Encryption Authentication Phishing

Top 12 Firewall Best Practices to Optimize Network Security

eSecurity Planet

DECEMBER 10, 2023

By offering insights into previous traffic, this technique improves threat detection, troubleshooting, and overall security by enabling for educated decision-making and proactive optimization of firewall configurations. Throughout the change management process, keep security and compliance in mind.

Security

Security Education Access Risk

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

While businesses have until January 2023 to comply with CPRA provisions, they should start taking steps to understand and build out compliance programs soon. Restrictions on the Use of Precise Geolocation Information.

Privacy

Privacy B2B Sales Data breaches

FTC Releases Report on Internet of Things

Hunton Privacy

JANUARY 28, 2015

notice and choice – companies should only be required to notify consumers and offer them a choice for uses of their information that are inconsistent with consumer expectations; companies can obviate notice and choice issues by de-identifying data because there is no need to offer consumers choices regarding data that cannot be traced to them.

Privacy

Privacy Risk Data collection Education

What Should Be The Core Competencies For Cybersecurity For C-Suite

Cyber Info Veritas

JULY 18, 2018

Educate the IT professionals, members of the C-suite and all employees on why they should understand the cyber exposure of their company and how cybercriminals exploit data that is collected from reconnaissance to mastermind targeted attacks. This exercise should be as practical as possible rather than using a completely theoretical approach.

Cybersecurity

Cybersecurity Ransomware Information Security Risk

CPPA Board Holds Meeting on Revised Draft Regulations for Risk Assessment and Automated Decisionmaking Technology

Microsoft 365 SharePoint Records Management Training Course on May 15th 9am-1pm CST via ARMA International

Webinars

Trending Sources

France: The CNIL publishes a practical guide on Data Protection Officers

Webinars

Biden-Harris Administration Announces New Actions to Promote Responsible Artificial Intelligence Innovation

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Texas enacts comprehensive privacy law

Tips for Gamifying Your Cybersecurity Awareness Training Program

New SEC Cybersecurity Rules Could Affect Private Companies Too

How to create a cyber incident response plan when you have a hybrid workforce

BELGIUM: Belgian DPA reveals its strategy for the next 5 years.

What are the Data Subject Rights under the GDPR?

The Copyright Card Game

Understanding HIPAA: A Guide to Avoiding Common Violations

Less than two months to go until DSP Toolkit submission deadline

How to implement data governance

PIPL: A Game Changer for Companies in China

US: Virginia passes comprehensive consumer data protection law

Ways to Develop a Cybersecurity Training Program for Employees

How to prepare for the California Consumer Privacy Act

If You’re a Cloud Provider or Consumer, Consider These Guidelines on How to Conduct Yourself in Europe: eDiscovery Best Practices

5 learnings from the “Meeting the CCPA Challenge” webinar

Does your use of CCTV comply with the GDPR?

Insider Trading Charges Brought Against CIO for Post-Breach Trading

FTC Reminds Companies of Impending COPPA Deadline

CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

Expert Insight: Cliff Martin

5 things HR departments need to know about data protection

Hello. Goodbye… Goodbye. Hello

Attacks Targeting Oil and Gas Sector Renew Questions About Cybersecurity

Security in the finance sector: Whose role is it anyway?

California Enacts Broad Privacy Laws Modeled on GDPR

What is a Managed Security Service Provider? MSSPs Explained

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

California Enacts Broad Privacy Protections Modeled on GDPR

7 Best Email Security Software & Tools in 2023

eDiscovery and the GDPR: Ready or Not, Here it Comes, Part Four: eDiscovery Best Practices

Article 29 Working Party Issues Joint Statement on European Values and Actions for an Ethical European Data Protection Framework

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

How to Prevent Malware: 15 Best Practices for Malware Prevention

Top 12 Firewall Best Practices to Optimize Network Security

California Privacy Law Overhaul – Proposition 24 Passes

FTC Releases Report on Internet of Things

What Should Be The Core Competencies For Cybersecurity For C-Suite

Stay Connected