Key Takeaways from the SEC’s Cybersecurity Guidance

by Sarah Harvey / December 16, 2022

In February 2018, the US Securities and Exchange Commission (SEC) affirmed something we know to be true: as organizations rely more and more on technology, the frequency and complexity of cybersecurity threats continue to increase. The SEC issued interpretive cybersecurity guidance, which builds upon the Division of Corporation Finance’s guidance from 2011, for public companies to follow when dealing with cybersecurity incidents and risks. This cybersecurity guidance communicates several major…

Canada’s New Breach Notification Law: Preparation and Impact

by Sarah Harvey / December 16, 2022

On November 1, 2018, Canada’s Data Privacy Act amended the Personal Information Protection and Electronic Data Act (PIPEDA) to include Breach of Security Safeguards Regulations. Organizations subject to PIPEDA will now have to report breaches that pose a “real risk of significant harm” to affected individuals to the Office of the Privacy Commissioner of Canada (OPC). What does this new regulation mean for organizations and how can they operate in…

Voice-Enabled Devices and Data Privacy: Lessons Learned from Amazon

by Sarah Harvey / December 16, 2022

“Alexa, what’s the weather like in Nashville today?” Amazon’s Alexa, Apple’s Siri, the Google Assistant – the list of voice assistants and voice-enabled devices seems to just keep growing. “Hey Google, could you set an alarm for 8:00 AM tomorrow?” Their basic goal is to make our lives easier, right? Through voice assistants’ language processing abilities, they can complete all types of tasks – stream music, set an alarm, take…

HITRUST® Across Industries: Where the HITRUST CSF® v9.2 is Headed

by Sarah Harvey / December 16, 2022

Today, HITRUST released the much-anticipated HITRUST CSF v9.2. The changes reflect HITRUST’s effort to leverage international standards and expand adoption into new industries, such as financial services, travel and hospitality, media and entertainment, telecommunications, and startups. Changes in HITRUST CSF v9.2 The two major changes in the HITRUST CSF v9.2 surround its shift to an agnostic framework and the incorporation of international regulatory requirements. The HITRUST CSF v9.2 extracts healthcare-specific…

What is the Ohio Data Protection Act?

by Sarah Harvey / December 16, 2022

During an age when information and data fuels businesses, understanding the value of cybersecurity in protecting data is crucial. Lawmakers and business owners are continuously recognizing the new, complex risks that come from doing business in cyberspace every day. That’s why on August 3, 2018, Ohio Governor John Kasich signed Senate Bill No. 220, the Ohio Data Protection Act. This legislation makes Ohio the first state to enact a law…