Understanding GDPR in the Financial Sector


When considering security and finance, we typically think of regulations like PCI DSS, SOX, or FINRA. But if you're a company doing business in Europe, there's another framework you need to consider: GDPR. This set of regulations not only governs the exchange of consumer data but also has a massive impact on how financial organizations navigate commerce in the EU and across borders.

Here, we'll cover some basics financial institutions might want to consider when adopting GDPR requirements.

The California Delete Act and CCPA Privacy Law


Companies and data brokers, armed with sophisticated data collection techniques, amass vast amounts of personal data, often without the explicit consent or awareness of the individuals concerned. The urgency of the matter has propelled jurisdictions worldwide to enact stringent data protection laws. 

This article explores a new development in privacy law: the Data Delete Act. This law is just one in a longer (but recent) history of laws that include the General Data Protection Regulation (GDPR) of the European Union and the California Consumer Privacy Act (CCPA).

Here, we'll discuss the law, its relationship to broader privacy regulations, and what best practices affected organizations can adopt to comply with it.

ISO 27701 and Conformance with Privacy Information Management (Part 4)


As previously discussed, ISO/IEC 27701 is a comprehensive international standard that provides specific privacy guidelines for organizations attempting to meet additional requirements for handling PII in line with regulations like GDPR. It aligns ISO-compliant organizations with PII-focused standards through the implementation of a Privacy Information Management System (PIMS).

So far, we’ve covered how ISO 27701 refines ISO 27001 and ISO 27002 guidelines to emphasize handling PII and those specific to data controllers. In this final blog post of our series, we will look closely at Section 8 of ISO 27701 and explore specific guidelines for processors handling PII.
