What to Ask Your Vendors About GDPR Compliance

by Sarah Harvey / December 16, 2022

Are Your Vendors Data Processors? Vendor compliance management is a key starting point towards GDPR compliance. When your organization is deciding whether to use a vendor as part of your GDPR compliance efforts, you must follow GDPR vendor (processor) compliance management best practices. As a controller, you determine the purpose and means for processing personal data. You have authority and decision-making over personal data and take on the responsibilities of…

Been Breached? How to Report Consumer Risk with a Risk Assessment

by Benjamin Wright / April 12, 2023

Using a Risk Assessment to Report Consumer Risk Because there are so many different laws that regulate how and when an organization must give notice if it has had a data security breach, understanding what the correct plan of action is for your organization or determining how to report consumer risk from breaches might be daunting. Nevertheless, the laws do have one major commonality: does the consumer suffer a…

7 Deadly Breaches of 2018 (So Far)

by Sarah Harvey / December 16, 2022

With the complexity of the current threat landscape, organizations must be more alert than ever to potential data breaches. Who will be next? What happened? What will the fine be? While we’re only midway through 2018, we’ve seen headline after headline from organizations that have come forward to notify their customers of breaches. Let’s take a look at some of the top data breaches of 2018 to learn what went…

Who’s Enforcing GDPR?

by Sarah Harvey / December 16, 2022

The Information Commissioner's Office (ICO) enforces the GDPR as of May 25, 2018. There’s no doubt that GDPR has brought its fair share of challenges into the world of data privacy. GDPR was specifically designed to impact businesses across the globe, not just European Union Member States. Its ultimate goal, though, is to reduce regulatory differences in order to make data protection laws more consistent and make businesses more transparent.…

How to Scope a HITRUST Engagement

by Sarah Harvey / June 14, 2023

One of the most frequent questions that our Information Security Specialists are asked when engaging in a HITRUST CSF assessment with a client for the first time is, “What is the purpose of narrowing the scope of the engagement?” This is a great question and the answer is simple: everything that you do in a HITRUST CSF assessment is about your scope. The larger your scope is, the more complex…