-
Privacy & Compliance
Feb 21, 2017
Cybersecurity Laws Get Serious: EU’s NIS Directive
In the IOS blog, our cyberattack focus has mostly been on hackers stealing PII and other sensitive personal data. The breach notification laws and regulations that we write about require notification only when there’s been acquisition or disclosure of PII by an unauthorized user. In plain speak, the data is stolen.
Michael Buckbee
4 min read
-
Privacy & Compliance
Jan 11, 2017
GDPR: Do You Have to Hire a DPO?
I suspect right about now that EU (and US) companies affected by the General Data Protection Regulation (GDPR) are starting to look more closely at their compliance project schedules. With enforcement set to begin in May 2018, the GDPR-era will shortly be upon us.
Michael Buckbee
3 min read
-
Privacy & Compliance
Oct 11, 2016
The Federal Trade Commission Likes the NIST Cybersecurity Framework (and You Should Too)
Remember the Cybersecurity Framework that was put together by the folks over at the National Institute of Standards and Technology (NIST)? Sure you do! It came about because the US government wanted to give the private sector, specifically the critical infrastructure players in transportation and energy, a proven set of data security guidelines.
Michael Buckbee
2 min read
-
Privacy & Compliance
Aug 23, 2016
HHS to Investigate Smaller HIPAA Privacy Breaches
As a reader of this blog, you know all about Health and Human Services’ (HHS) wall of shame. That’s where breaches involving protected health information (PHI) affecting 500 or more records are posted for the world to see. It’s actually a requirement of HIPAA – technically the HITECH Act. But now there’s been a slight change in breach policy.
Michael Buckbee
1 min read
-
Privacy & Compliance
Aug 03, 2016
What is the Minimum Acceptable Risk Standards for Exchanges (MAR-E)?
Under the Affordable Care Act (ACA) of 2010, there are now online marketplaces to buy health insurance. These are essentially websites that allow consumers to shop around for an insurance policy by comparing plans from different private providers.
Michael Buckbee
4 min read
-
Privacy & Compliance
Jul 27, 2016
Understanding Canada: Ontario’s New Medical Breach Notification Provision (and Other Canadian Data Privacy Facts)
Remember Canada’s profusion of data privacy laws?
Michael Buckbee
1 min read
-
Privacy & Compliance
Jul 19, 2016
Is Browsing Facebook While in the Hospital a HIPAA Violation?
A recently filed federal class-action suit claims that several healthcare providers are violating HIPAA’s rules on protected health information (PHI). If the suit succeeds, privacy advocates say it has the potential to disrupt the way the ad targeting industry deals with the healthcare sector.
Michael Buckbee
2 min read
-
Privacy & Compliance
Jul 07, 2016
EU GDPR: Data Rights and Security Obligations [INFOGRAPHIC]
The EU General Data Protection Regulation (GDPR) isn’t light reading (though we’ve done our best with the Plain English Guide to the GDPR). However, that doesn’t mean this law’s essential ideas can’t be compressed and rendered into a highly informative infographic.
Michael Buckbee
1 min read
-
Privacy & Compliance
Jun 24, 2016
GDPR: Pseudonymization as an Alternative to Encryption
Have I mentioned lately that the General Data Protection Regulation (GDPR) is a complicated law? Sure, there are some underlying principles, such as Privacy by Design (PbD) and other ideas, that once you understand, the whole thing makes more sense. But there are plenty of surprises when you delve into the legalese. For example, pseudonymization.
Michael Buckbee
3 min read
-
Privacy & Compliance
Dec 11, 2015
What is the EU General Data Protection Regulation?
Table of Contents: DPD 2.0; GDPR Vocabulary; Articulating the Articles; More Articles: The New Stuff; Focus Your GDPR Compliance. Note: This post now reflects the final version of the EU GDPR.
Michael Buckbee
7 min read
-
Privacy & Compliance
Sep 23, 2015
Penetration Testing Explained, Part I: Risky Business
In most of the security standards and regulations that I’ve been following there’s typically a part titled Risk Assessment. You can find this requirement in HIPAA, PCI DSS, EU GDPR, NIST, and SANS, to reel off just a few four- or five-letter abbreviations.
Michael Buckbee
3 min read
-
Privacy & Compliance
Jan 20, 2015
Inside the World of Insider Threats, Part I: Motivation
As someone once said in a different context, never let a good crisis go to waste. While we still don’t have definitive proof, there’s good evidence that employees were in some way involved in the Sony meltdown—see Did North Korea Really Attack Sony? from Schneier. The larger point is that the Sony breach opens the door to a public discussion on a specific topic—malicious insiders—one which many companies have been very reluctant to discuss or comment on.
Michael Buckbee
3 min read