
What is the New York SHIELD Act? How to Be Compliant

Since the advent of the GDPR, a number of data protection laws have started to spring up that follow a similar theme. Of course, given that 4.1 billion records were breached during the first half of 2019, it was really just a matter of time until the authorities were forced to step up their game. On the 28th of June, 2018, we saw the California Consumer Privacy … [Read more...]

The Governance/Compliance Relationship: Strategy and Tactics

We hear a lot about governance in relation to developing regulatory compliance processes and procedures, but do you really know what it is and the role it plays in achieving compliance with governmental and industry mandated IT security and privacy requirements? Governance, management, and compliance: similarities and differences The Cambridge dictionary defines governance as “the […] … [Read more...]

Our Quick Checklist for GDPR Compliance

The GDPR is an EU regulation that came into effect on 25 May 2018. The directive aims to ensure that organizations have policies and procedures put in place to protect the data of EU citizens. Below is a checklist that is designed to assist organizations in complying with the GDPR. 1. Awareness All employees, whether they are IT, executives, general administrators, consultants, sales and marketing … [Read more...]

The Lepide Guide to California Consumer Privacy Act (CCPA) Compliance

The California Consumer Privacy Act (CCPA) is a new data protection bill that will come into effect on the 1st of January 2020. The CCPA is designed to give Californian citizens more control over how their personal data is stored and processed. Under the CCPA, companies must demonstrate that they are able to identify, delete or quarantine personal data in a timely manner, as per the data subjects … [Read more...]

What is the CCPA (California Consumer Privacy Act)?

With the introduction of the GDPR, Europe showed the world that it was taking data privacy and data security laws seriously. Whatever your opinions are on the effects of the GDPR and how GDPR breaches are being handled, it can’t be denied that the thinking behind it is rational. It was only a matter of time before other countries followed suit. In the USA, there is still yet to be … [Read more...]

The psychology of compliance

The human decision-making process is the preferred subject of psychologists and economists. Historically, they adopted an approach of viewing human behaviour as regular and highly predictable. This helped the researchers to build various models in order to comprehend social and economic phenomena. Such systems were compared by Karl Popper to reliable pendulum clocks. One can take them apart and … [Read more...]

Why Retailers Are Soft Targets for Hackers (And What to Do About It)

Time and time again, retailers prove to be a popular (and easy) target for hackers. The tangible and intangible costs for an e-commerce site that’s been breached can escalate quickly. In this post, we'll explore the issue, and outline some solutions. … [Read more...]

PCI DSS Compliance 101: What You Need to Know

If your business deals with credit card payments in any way, then PCI compliance is going to be a fact of life, and an essential part of running your business securely and efficiently. PCI compliance is a critically important step in protecting your customers' or partners' payment card data, and an equally important step in protecting your business from the dire consequences of a data breach. … [Read more...]

4 Myths of PCI Compliance

If your organization is finding it difficult to comply with PCI DSS, the Payment Card Industry Data Security Standard, it could be due to some of the misconceptions about the standard. … [Read more...]

How Can Technology Help with ISO 27001 Compliance?

The International Organization for Standardization (ISO) is a non-governmental organization for setting proprietary, industrial and commercial standards. In the context of data security, ISO 27001 provides standards for developing and implementing information security policies and processes. Such standards are not enforced, but instead provide a framework to help organizations satisfy the relevant … [Read more...]