Featured content

The Department of Health and Human Services (HHS) proposed changes to the HIPAA Security Rule at the turn of the 2025 New Year to address several systemic issues and better protect electronic protected health information (ePHI).

As technology continues to advance rapidly, cybersecurity is gaining more importance globally. The emphasis on security stems from the need for organizations to be prepared for when, not if, a breach occurs.

The SEC cybersecurity disclosure rules that went into effect in December 2023 were clarified in June 2024. The guidelines require public companies to report “material” breaches within four business days of the materiality determination and document their processes “for assessing, identifying, and managing material risks from cybersecurity threats” in annual filings.

Earlier this year, the European Parliament and Council agreed to regulate the use of AI in the EU with the passage of the European Union Artificial Intelligence Act (EU AI Act), the world’s first comprehensive AI regulation.

The United States Department of Defense is implementing the Cybersecurity Maturity Model Certification 2.0 (CMMC) program to safeguard cybersecurity across the government’s Defense Industrial Base (DIB), the sector responsible for military weapons systems, subsystems, and components or parts.

Sometimes when I speak with organizations about sensitive data risk, I hear things like, “All of our data is sensitive,” or “We’re sure PII is only in X system.” But it’s not what you know that might be your biggest problem — it’s always what you don’t know.

The Health Insurance Portability and Accountability Act (HIPAA) is one of the cornerstones for both regulatory compliance and healthcare cybersecurity. Hospitals, insurance companies and healthcare providers all need to follow a HIPAA compliance checklist to safeguard private and sensitive patient data.

A series of stunning data breaches in 2022 has prompted lawmakers to begin making changes to the 1988 Australian Privacy Act in the form of the new Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022.

Digital payments are expected to reach an all-time high this year. Projections have digital payment transactions increasing by upwards of 24 percent in 2020 year-over-year, a trend that shows no signs of slowing down. That’s precisely why PCI DSS requirements are more critical than ever, as merchants and payment processors need to ensure the privacy and security of every transaction.

The United States has a patchwork and ever-changing web of laws governing data privacy. While there’s no comprehensive federal privacy decree, several laws do focus on specific data types or situations regarding privacy.

One of the essential aspects of conducting any business is protecting customers' data. As a result, companies must comply with System and Organization Controls (SOC 2) to ensure their organization follows the best data security practices. But what is SOC 2 compliance? And how can you be sure you’re doing everything necessary to achieve SOC 2 compliance?