by John Verry | Sep 27, 2018 | Government
With the EU’s GDPR now in force and California just enacting its Consumer Privacy Act (AB 375), the two-minute warning has sounded for US businesses that work with consumers’ personal data. You must move to implement privacy policies that align with these...
by John Verry | Aug 16, 2018 | InfoSec Strategies
Entities registered with New York State’s Department of Financial Services (NYDFS) are subject to compliance with the 23 NYCRR 500 (aka “Part 500” or “NYDFS 500”) cybersecurity regulation, and a new deadline is fast approaching. Entities who must comply include: Bank...
by John Verry | Jul 31, 2018 | InfoSec Strategies
The National Association of Insurance Commissioners’ (NAIC) adopted the Insurance Data Security Model Law in October 2017. It establishes minimum standards for data security applicable to insurance providers. I believe this legislation will have a significant impact...
by Jeremy Sporn | Mar 16, 2018 | ISMS Consulting
“Covered Entities” that have not yet submitted a certification of compliance for the New York Department of Financial Services’ NYDFS 500 Cybersecurity Regulation (also known as 23 NYCRR 500) received a none-too-gentle “reminder” earlier this month that they need to...
by Jeremy Sporn | Feb 15, 2018 | ISMS Consulting
We are often asked, “What is the best first step to move towards GDPR compliance for US-based organizations?”. The answer: Privacy Shield. How Does GDPR Affect US Companies? US companies have no legal ground to stand on for GDPR compliance. Privacy laws...
