The General Data Protection Regulation (GDPR) has fundamentally changed how organizations do business in the European Union. It isn’t enough to undergo audits or meet arbitrary security requirements. Like many high-stakes security contexts, GDPR requires a company to dedicate significant time to maintaining data privacy, cybersecurity and consumer rights. 

To help address high-risk data processing situations, GDPR may require your business to complete a Data Protection Impact Assessment or a DPIA. For many companies, these are not optional so we will cover the details in this article. 

Read More

HIPAA was passed into law in 1996–not exactly the heyday of digital technology. It wasn’t until over a decade later that Congress decided to implement updates to the law to address the rise of digital technology. Their goal? To push providers to update their record-keeping to Electronic Health Record (EHR) systems, secure those systems effectively, and eliminate the loopholes that would prevent adherence to the law. 

Thus, the Health Information Technology for Economic and Clinical Health, or HITECH, was born. Here, we’ll discuss some of the changes that HITECH made to HIPAA law and how that informs the compliance obligations of businesses in the healthcare industry. 

Read More

It’s a new year, and with a new year come new security challenges and new takes on old favorites. While phishing, social engineering, and state-sponsored attacks are still significant issues, new machine learning innovations support better security efforts. But emerging attack vectors like IoT objects are shifting the cybersecurity battleground into new and unknown territory. 

Here are some of the top trends we see down the road in 2022. 

Read More