Compliance

Scattered Data: What PIPEDA Means for Distributed Enterprises
Josh Mayfield

Sitting in the shadow of laws like GDPR and CCPA, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) has grown teeth and steps into full view today, November 1, 2018. While Canada boasts several laws related to privacy, it is PIPEDA’s amendments that have companies all over the world scrambling to ensure data protection and that the proper channels are in place when there is unauthorized access...

With Success of NIST CSF, NIST Now Set to Tackle Privacy
Josh Mayfield

As innovation continues to push forward with AI, IoT and other intelligent technologies that both boost convenience and spur economic growth, protecting an individual’s privacy gets more complicated. Those innovative technologies also capture and store an unprecedented amount of personal data. The growing concern of how to protect that data is one important reason behind the U.S. Department of Commerce’s new effort to create a collaborative privacy framework with...

How HITRUST Can Help You
Josh Mayfield

According to a new study conducted by researchers at Massachusetts General Hospital and published in the Journal of the American Medical Association, the number of annual health data breaches increased 70% over the past seven years. That same study noted that 75% of the 132 million breached, lost, or stolen records were a result of a ‘hacking or IT incident.’ There’s no question healthcare organizations are under siege by...

Adopt v. Comply: The Difference Between Frameworks and Regulations
Josh Mayfield

Recent headlines would lead any rational person to conclude that topics like data security, data privacy, data breach, and ransomware would outrank seemingly solved problems, like compliance. But Google Analytics reveals that, in spite of the bleeding headlines, searches for IT compliance far outnumber the queries for more exciting noun phrases. The statistician Seth Stephens-Davidowitz has said, “Sometimes, statistical analysis is tricky. But other times, a finding just jumps...

HIPAA Security Rule: Protecting Privacy and Improving Patient Care
Josh Mayfield

In my previous post, we looked at the HIPAA Privacy Rule, which mandates data protection of health information as a civil right. Boiling the rule down to its simplest form, HIPAA Privacy lays out what data requires protection and who is held accountable for keeping it confidential. However, it’s the HIPAA Security Rule that tells us how that data must be protected.

Three Security Safeguard Categories

The Security Rule...
