Mapping California Consumer Privacy Act (CCPA) with GDPR (Whitepaper)

Many organizations are bracing for the recent wave of privacy regulations announced this year. In May, GDPR became enforceable; then in June, California passed the California Consumer Privacy Act (effective starting 2020). These landmark regulations provide new privacy requirements for businesses collecting and/or processing data. The purpose of this whitepaper is to compare requirements under[…]

Executive Summary of the California Consumer Privacy Act (CCPA)

On June 28, 2018, California signed into law Assembly Bill 375, the California Consumer Privacy Act (“CCPA”).  Scheduled to be effective January 1, 2020, the CCPA is based on the principles that, “California consumers should be able to exercise control over their personal information, and they want to be certain that there are safeguards against[…]

GDPR: Understanding the Impact of Automated Decision Making and Profiling (Whitepaper)

Profiling and automated decision-making are not prohibited under GDPR.  However, both of these activities are subject to detailed requirements on when they can legitimately be performed and what must be communicated to data subjects. Key Questions: 1| How are automated decision-making and profiling defined under GDPR? 2| How do the general rules of GDPR apply[…]

GDPR: Understanding the Roles and Responsibilities of Cloud Service Providers (Whitepaper)

Whether it is software or infrastructure as a service (SaaS/IaaS), almost everyone is relying on the cloud. Have you considered how this impacts your GDPR strategy? In this whitepaper we set out to clarify the role of cloud service providers as well as users of cloud services. Key Questions: 1) What is your role(s)[…]

Navigating the CMS Enhanced Direct Enrollment Audit (Whitepaper)

Beginning with enrollment period 2019, all qualified health plan issuers or web-brokers in the Federally-facilitated Exchange must follow the Direct Enrollment rules and obtain a CMS audit from an independent auditor to host application and enrollment services on their websites. What is in the Whitepaper: 1 | CMS Requirements including business requirements audit, the security and[…]

State-by-State Breakdown of Cybersecurity Legislation (Whitepaper)

As cybersecurity incidents, such as the Equifax data breach, continue to occur, states are beginning to recognize the need to impose cybersecurity requirements on companies in order to protect the personal information of individuals resident in the state. Many states’ cybersecurity laws have traditionally been focused on penalizing hackers and cybercriminals for criminal behavior. However,[…]

GDPR: Simplifying the Data Protection Impact Assessment Requirement (Whitepaper)

The EU’s new General Data Protection Regulation (“GDPR”) introduces the concept of a Data Protection Impact Assessment (“DPIA”), defined as an analysis of the risks of processing operations on the “rights and freedoms” of data subjects. This means that if your company is processing the data of individuals who are EU citizens you may have to[…]

GDPR: Simplifying the Complex Vocabulary of the General Data Protection Regulation (Whitepaper)

Approved by the European Union on April 14, 2016 and fully enforceable beginning May 25, 2018, General Data Protection Regulation (GDPR) is arguably the most wide-reaching change to privacy requirements to date. How wide reaching is GDPR? If you are located in the EU and control or process personal data, if you offer goods or[…]

Simple Guide to SOC for Cybersecurity (Whitepaper)

In April 2017 the AICPA released the SOC for Cybersecurity examination. The report’s goal is to provide Companies a report type that is more appropriate for general distribution and that also provides report readers visibility into the Company’s cybersecurity risk management program. This whitepaper provides an overview of SOC for Cybersecurity and clarifies the distinctions[…]

Information Protection: A Practical Strategy for Identifying and Controlling Your Most Valuable Data (Whitepaper)

Do you have an inventory of your Company’s most critical data and information assets? Do you know where those information assets are located throughout the Company? Do you have confidence that your most valuable information is only accessible to appropriate individuals? If you are wrestling with these questions you aren’t alone. Companies across the globe[…]