-
Mar 29, 2020
GDPR: The Right to Be Forgotten and AI
One (of the many) confusing aspects of the EU General Data Protection Regulation (GDPR) is its “right to be forgotten”. It’s related to the right to erasure but takes in far...
Michael Buckbee
3 min read
-
Mar 29, 2020
NYDFS Cybersecurity Regulation in Plain English
Learn about the new NYDFS cybersecurity regulation and the rules for basic principles of data security, documentation of security policies, and much more.
Michael Buckbee
5 min read
-
Jun 25, 2018
How Privacy Policies Have Changed Since GDPR
In March the EU's General Data Protection Regulation went into effect. The data privacy law aims to create greater transparency around how personal data is handled. As a result of GDPR, privacy policies across the web were changed. We look at how GDPR changed the policies of some of tech's biggest names.
Rob Sobers
6 min read
-
May 02, 2018
Canada’s PIPEDA Breach Notification Regulations Are Finalized!
While the US — post-Target, post-Sony, post-OPM, post-Equifax — still doesn’t have a national data security law, things are different north of the border. Canada, like the rest of the...
Michael Buckbee
2 min read
-
Apr 20, 2018
Another GDPR Gotcha: HR and Employee Data
Have I mentioned recently that if you’re following the usual data security standards (NIST, CIS Critical Security Controls, PCI DSS, ISO 27001) or common sense infosec principles (PbD), you shouldn’t...
Michael Buckbee
3 min read
-
Apr 12, 2018
SHIELD Act Will Update New York State’s Breach Notification Law
Those of you who have waded through our posts on US state breach notification laws know that there are few very states with rules that reflect our current tech realities....
Michael Buckbee
3 min read
-
Apr 11, 2018
What Experts Are Saying About GDPR
You did get the the memo that GDPR goes into effect next month? Good! This new EU regulation has a few nuances and uncertainties that will generate more questions than...
Michael Buckbee
5 min read
-
Oct 23, 2017
GDPR By Any Other Name: The UK’s New Data Protection Bill
Last month, the UK published the final version of a law to replace its current data security and privacy rules. For those who haven’t been following the Brexit drama now...
Michael Buckbee
3 min read
-
Apr 20, 2017
Data Security Compliance and DatAdvantage, Part III: Protect and Monitor
At the end of the previous post, we took up the nuts-and-bolts issues of protecting sensitive data in an organization’s file system. One popular approach, least-privileged access model, is often...
Michael Buckbee
5 min read
-
Apr 14, 2017
Data Security Compliance and DatAdvantage, Part II: More on Risk Assessment
I can’t really overstate the importance of risk assessments in data security standards. It’s really at the core of everything you subsequently do in a security program. In this post...
Michael Buckbee
5 min read
-
Apr 03, 2017
Data Security Compliance and DatAdvantage, Part I: Essential Reports for Risk Assessment
Over the last few years, I’ve written about many different data security standards, data laws, and regulations. So I feel comfortable in saying there are some similarities in the EU’s...
Michael Buckbee
4 min read
-
Mar 20, 2017
Cybercrime Laws Get Serious: Canada’s PIPEDA and CCIRC
In this series on governmental responses to cybercrime, we’re taking a look at how countries through their laws are dealing with broad attacks against IT infrastructure beyond just data theft....
Michael Buckbee
1 min read