-
Privacy & Compliance
Jan 29, 2021
Risk Management Framework (RMF): An Overview
The Risk Management Framework (RMF) is a set of criteria that dictate how United States government IT systems must be architected, secured, and monitored.
Michael Buckbee
6 min read
-
Data Security Privacy & Compliance
Dec 22, 2020
5 Priorities for the CISO Budget In 2021
“Take the CISO job,” they said. “It’ll be great,” they said.
Michael Buckbee
8 min read
-
Privacy & Compliance
Aug 17, 2020
California Privacy Rights Act (CPRA): Your Up-To-Date Guide to CCPA 2.0
Technology and social media giants like Facebook and Google are about to get a huge reality check in how they handle customer data. The California Privacy Rights Act (CPRA) is on the ballot for Californians and would introduce a new slew of standards and initiatives to improve data protection and privacy for all Californians.
David Harrington
6 min read
-
Privacy & Compliance
Jun 19, 2020
GDPR Data Breach Guidelines
The General Data Protection Regulation (GDPR) is set to go into effect in a few months — May 25, 2018 to be exact. While the document is a great read for experienced data security attorneys, it would be nifty if we in the IT world got some practical advice on some of its murkier sections — say, the breach notification rule as spelled out in articles 33 and 34.
Michael Buckbee
8 min read
-
Privacy & Compliance
Jun 19, 2020
A Few Thoughts on Data Security Standards
Did you know that the 462-page NIST 800-53 data security standard has 206 controls with over 400 sub-controls? By the way, you can gaze upon the convenient XML-formatted version here. PCI DSS is no slouch either, with hundreds of sub-controls in its requirements document. And then there’s the sprawling ISO 27001 data standard.
Michael Buckbee
3 min read
-
Privacy & Compliance
Jun 19, 2020
Do Your GDPR Homework and Lower Your Chance of Fines
Advice that was helpful during your school days is also relevant when it comes to complying with the General Data Protection Regulation (GDPR): do your homework because it counts for part of your grade! In the case of the GDPR, your homework assignments involve developing and implementing privacy by design measures, and making sure these policies are published and known about by management.
Michael Buckbee
3 min read
-
Data Security Privacy & Compliance
Jun 17, 2020
Wyden’s Consumer Data Protection Act: Preview of US Privacy Law
This article is part of the series "GDPR American-Style". Check out the rest: "Wyden’s Consumer Data Protection Act: Preview of US Privacy Law" and "Wyden’s Consumer Data Protection Act: How to Be Compliant".
Michael Buckbee
4 min read
-
Privacy & Compliance
Jun 17, 2020
Data Security and Privacy Lessons From Recent GDPR Fines
We’re more than a year into the General Data Protection Regulation (GDPR) era, and we now have a few enforcement actions under our belts as data points. Earlier in 2019, there was the jaw-dropping $56 million fine by the French regulators against Google. More recently, the UK’s data protection authority, the ICO, announced its intent to fine British Airways over $200 million — almost 1% of its worldwide revenue — and Marriott International $120 million for GDPR violations.
Michael Buckbee
5 min read
-
Privacy & Compliance
Jun 17, 2020
North Carolina Proposes Tougher Breach Notification Rules
If you’ve been reading our amazing blog content and whitepaper on breach notification laws in the US and worldwide, you know there’s often a hidden loophole in the legalese. The big issue — at least for data security nerds — is whether the data security law considers mere unauthorized access of personally identifiable information (PII) to be worthy of a notification.
Michael Buckbee
3 min read
-
Privacy & Compliance
Jun 17, 2020
Understanding the Relationship Between the GDPR and ePrivacy Directive
Remember last May when our favorite sites were suddenly asking our consent to collect cookie information? The answer given by the media and other experts for this flurry of cookie consent pop-ups was this was a result of the General Data Protection Regulation (GDPR). That’s partially true.
Michael Buckbee
4 min read
-
Data Security Privacy & Compliance
Jun 17, 2020
Right to be Forgotten: Explained
The “Right to be Forgotten” (RTBF) is a key element of the new EU General Data Protection Regulation (GDPR), but the concept pre-dates the latest legislation by at least five years. It encompasses the consumers’ right to request that all personal data held by a company — or “controller” in GDPR-speak — be removed on request. But it goes further: the GDPR rules (see its article 17) say that search engines (like Google) have to delete references to personal data that come up publicly in search results.
Michael Buckbee
5 min read
-
Data Security Privacy & Compliance
Jun 17, 2020
How to Discover GDPR Data With Varonis
GDPR goes into effect in less than 85 days – but there’s still time to prepare. The first step in getting ready for the upcoming deadline is to discover and classify your GDPR data.
Michael Buckbee
2 min read