GDPR Readiness: How GDPR Impacts Privacy Policies

by Sarah Harvey / July 12, 2023

Privacy Policies and GDPR Since GDPR has become enforceable, the impact of the law on privacy policies has been quite noticeable. Did you receive an influx of emails from your favorite companies notifying you of updates to their privacy policies? In an effort to create GDPR-compliant privacy policies, many organizations rushed to meet the May 25th, 2018 enforcement deadline. But what are some of the mistakes these companies are making while…

What NY CRR 500 Means for Vendor Compliance Management

by Sarah Harvey / December 16, 2022

NY CRR 500 and Vendor Compliance In March 2017, the New York State Department of Financial Services Cybersecurity Requirements Regulation for Financial Services Companies Part 500 (NY CRR 500) of Title 23 went into effect, establishing new cybersecurity requirements for financial services companies. NY CRR 500 requires that financial services companies (covered entities) develop a cybersecurity program that protects the confidentiality, integrity, and availability of sensitive customer information and information…

What to Look for in a Quality Vendor

by Sarah Harvey / June 15, 2023

Vendor Compliance Most organizations utilize third-party vendors to assist them in fulfilling their business needs because they just can’t do it all themselves. These vendors play a critical role in allowing organizations to sustain their business, but they can also be a liability for a company. Why? Because if a third-party vendor isn’t properly vetted, they can pose a major risk to an organization. Let’s say that your organization is…

Monitoring Employee Records and Communications Best Practices

by Benjamin Wright / February 22, 2023

 Should Companies Monitor Employee Records and Communications? When organizations supply their employees with personal electronic devices, such as laptops, cell phones, or tablets, they will often have a policy or contract that explains that the employer reserves the right to monitor employee records and communications while they’re using company-owned equipment. Although these devices are used for personal communication as well as work reasons, such policies exist to ensure that…

Who has the Legal Right to Employee Mobile Phones, Tablets, and Computers?

by Benjamin Wright / December 22, 2022

 What are the Challenges of a Bring-Your-Own-Device Policy? Given that personal electronics are so prevalent in today’s society, navigating how to implement and enforce policies in the workplace regarding the use of devices (such as cell phones, tablets, and computers) can be challenging. It is often questioned who has the control over the records that are created and stored on such devices – is it the employee or the…