Artificial Intelligence Governance

Artificial Intelligence (AI) is being integrated into nearly everything we interact with, and the pace of development is accelerating. AI brings with it unique concerns around privacy, built-in human bias, ethical and cultural bias, and unintended consequences. The developing and evolving practice of AI governance helps you address these concerns and provides guidance in an area affecting both small and large businesses in nearly all industries.

Robotic Process Automation

Automating processes to handle high volumes of transactions using software robots requires adjusting how employees interact with these non-human entities. Robotic process automation (RPA) is not just another system or database tool. It has implications for your workforce, systems, processes, procedures, security, risk, access, and change control: a bot typically runs under its own credentials and acts across several systems, so it needs the same least-privilege scoping, access reviews, and change control as a human user, and its actions must be attributable in logs. Understand how to properly manage the technical and process changes that a robotic ('bot') system brings to a company.

Data Laws and Regulations by Location

There are multiple laws and regulations governing the security and management of customer data. Regions, countries, and states throughout the world have different requirements. A company is responsible for meeting the specific requirements of each location in which it operates, and several of these laws (GDPR among them) also apply based on where the individuals whose data is handled are located, not only where the company is.

Data Regulation EU GDPR

The primary goal of the GDPR is to give individuals in the EU control over their personal data. This is reflected in requirements that every processing activity rest on a lawful basis (consent being one of several, and the one most often relied on for marketing), that personal data be protected by safeguards such as pseudonymisation or anonymisation (removal of identifying information) and handled securely when transferred, and that personal data breaches be reported to the supervisory authority within 72 hours where feasible and, when the risk to individuals is high, to the affected individuals as well. The regulation also applies strict rules to the transfer of personal data to entities outside the EU and requires certain types of organizations, such as those processing special categories of data at scale or monitoring individuals systematically, to appoint a data protection officer to oversee GDPR compliance.

Data Regulation US CA Shine the Light

California Civil Code 1798.83 to 1798.84 (the "Shine the Light" law) gives California customers the right to ask a nonfinancial business with 20 or more employees, once per calendar year, what personal information it disclosed to third parties for those third parties' direct marketing purposes. The business must respond in writing or by electronic mail with the categories of personal information shared and the names and addresses of the third parties that received it. As an alternative to answering individual requests, a business may adopt and publish a privacy policy that gives customers a cost-free opportunity to opt out of (or, where the policy so provides, opt in to) such sharing.

Data Regulation PCI DSS

PCI DSS compliance is required for any organization that stores, processes, or transmits payment card data. It entails building and maintaining a secure network, protecting stored cardholder data, regularly monitoring and testing networks, and implementing access and vulnerability-management controls, among other requirements. Merchant levels are set by the card brands and validation requirements by the acquiring bank. Most small-to-medium sized businesses fall into Level 4 (fewer than 20,000 e-commerce transactions per year, or up to 1 million transactions per year through other channels) and are required to complete the relevant Self-Assessment Questionnaire (SAQ) with an Attestation of Compliance, plus quarterly external vulnerability scans by an Approved Scanning Vendor (ASV) where the SAQ calls for them.

Data Regulation US HIPAA

HIPAA sets the standard for protecting sensitive patient data. Covered entities (health plans, healthcare clearinghouses, and providers that transmit health information electronically) and the business associates that handle protected health information (PHI) on their behalf must implement administrative, physical, and technical safeguards and follow them to ensure compliance. The Privacy Rule governs how PHI may be used and disclosed; the Security Rule requires that electronic protected health information (ePHI) be protected when stored and transmitted, including through access controls, audit logging, integrity controls, and encryption where appropriate.

Data Regulation US HBNR

The Federal Trade Commission (FTC), the nation's consumer protection agency, has issued the Health Breach Notification Rule to require vendors of personal health records and related entities not covered by HIPAA to notify their customers, the FTC, and in some cases the media if there is a breach of unsecured, individually identifiable electronic health information. This FTC rule does not apply if you are a HIPAA covered entity or to the extent you are acting as a HIPAA business associate; those organizations report breaches under the HIPAA Breach Notification Rule administered by HHS instead.

Data Regulation US Red Flags Rule

The Identity Theft Red Flags Rule, issued under the Fair and Accurate Credit Transactions Act (FACTA), requires financial institutions and creditors that hold covered accounts to implement a written Identity Theft Prevention Program to detect, prevent, and mitigate identity theft. The program must identify the warning signs ("red flags") relevant to the business, such as suspicious documents, inconsistent identifying information, or unusual account activity, and define how staff respond when one is detected.

Data Regulation US SOX 404

The goal of SOX Section 404 is to increase transparency in corporate governance and financial reporting by requiring management to assess and report annually on the effectiveness of the company's internal control over financial reporting, with an external auditor attesting to that assessment for larger filers. The focus is on the company's formal system of internal checks and balances. Information technology (IT) controls are specific activities performed by people or systems to ensure that business objectives are met; for SOX purposes the relevant ones are the IT general controls (access management, change management, and operations) over the systems that produce financial data. IT control objectives relate to the confidentiality, integrity, and availability of data.