Blog

Privacy & Compliance

Canada’s PIPEDA Breach Notification Regulations Are Finalized!

Michael Buckbee

While the US — post-Target, post-Sony, post-OPM, post-Equifax — still doesn’t have a national data security law, things are different north of the border. Canada, like the rest of the...

Another GDPR Gotcha: HR and Employee Data

Michael Buckbee

Have I mentioned recently that if you’re following the usual data security standards (NIST, CIS Critical Security Controls, PCI DSS, ISO 27001) or common sense infosec principles (PbD), you shouldn’t...

SHIELD Act Will Update New York State’s Breach Notification Law

Michael Buckbee

Those of you who have waded through our posts on US state breach notification laws know that there are very few states with rules that reflect our current tech realities....

What Experts Are Saying About GDPR

Michael Buckbee

You did get the memo that GDPR goes into effect next month? Good! This new EU regulation has a few nuances and uncertainties that will generate more questions than...

SEC Guidance on Cyber Incidents and Risk Disclosures

Michael Buckbee

You know, because you read it here in the IOS blog, that in the US data breach reporting is not nearly as strict and comprehensive as in the EU. At...

GDPR By Any Other Name: The UK’s New Data Protection Bill

Michael Buckbee

Last month, the UK published the final version of a law to replace its current data security and privacy rules. For those who haven’t been following the Brexit drama now...

Data Security Compliance and DatAdvantage, Part III: Protect and Monitor

Michael Buckbee

At the end of the previous post, we took up the nuts-and-bolts issues of protecting sensitive data in an organization’s file system. One popular approach, the least-privileged access model, is often...

Data Security Compliance and DatAdvantage, Part II: More on Risk Assessment

Michael Buckbee

I can’t really overstate the importance of risk assessments in data security standards. It’s really at the core of everything you subsequently do in a security program. In this post...

Data Security Compliance and DatAdvantage, Part I: Essential Reports for Risk Assessment

Michael Buckbee

Over the last few years, I’ve written about many different data security standards, data laws, and regulations. So I feel comfortable in saying there are some similarities in the EU’s...

Cybercrime Laws Get Serious: Canada’s PIPEDA and CCIRC

Michael Buckbee

In this series on governmental responses to cybercrime, we’re taking a look at how countries through their laws are dealing with broad attacks against IT infrastructure beyond just data theft....

Cybersecurity Laws Get Serious: EU’s NIS Directive

Michael Buckbee

In the IOS blog, our cyberattack focus has mostly been on hackers stealing PII and other sensitive personal data. The breach notification laws and regulations that we write about require...

GDPR: Do You Have to Hire a DPO?

Michael Buckbee

I suspect right about now that EU (and US) companies affected by the General Data Protection Regulation (GDPR) are starting to look more closely at their compliance project schedules. With...
