Data Regulation US CCPA
The new California data privacy act, SB1386 or AB-375, took effect Jan 1, 2020. The CCPA focuses exclusively on data collection and privacy. Citizens have the right to bring a civil action against companies that violate the law.
Data Regulation CAN CASL
The Canadian law sets clear requirements for all commercial emails. The Canadian Radio-television and Telecommunications Commission (CRTC) works hand in hand with its international counterparts—including agencies in the U.S., U.K., and Australia—to investigate and enforce violations of CASL by international senders.
Data Regulation US Privacy Shield
The EU-U.S. Privacy Shield Framework provides a method for companies to transfer personal data to the United States from the European Union (EU) in a way that is consistent with EU law. To join the Privacy Shield Framework, a company must self-certify to the Department of Commerce that it complies with the Privacy Shield Principles. Requirements of the EU-U.S. and Swiss-U.S. Privacy Shield are the same.
Data Regulation US COPPA
The Children's Online Privacy Protection Act requires websites that collect information on children under the age of 13 to comply with the Federal Trade Commission (FTC). The FTC determines whether a website is geared towards children by reviewing its language, content, advertising, graphics, features, and intended audience. The law also affects general interest sites looking to collect information from children, whether the site’s operators mean to do so or not. A company must have certain information in its privacy policy and get parental consent before collecting some types of information from children.
Data Regulation US GLBA
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
Data Regulation US Disposal Rule
Any large or small business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule. The Rule requires the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” The Disposal Rule requires disposal practices that are reasonable and appropriate.
Data Regulation US CAN-SPAM
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations. It covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.”
Data Regulation US OH Data Protection Act
The Ohio Data Protection Act provides organizations with a legal incentive to achieve a “higher level of cybersecurity” by maintaining a cybersecurity program that substantially complies with any one of the approved industry-recommended frameworks. Companies in compliance with any of the frameworks are entitled to a “legal safe harbor” as a defense against legal claims related to a data breach stemming from alleged failures to adopt reasonable cybersecurity measures.
Data Regulation US CT Gen Statute 42-471
Conn. Gen. Stat. § 42-471 requires any company that collects Social Security numbers in the course of business to create a privacy protection policy. The policy must be "publicly displayed" by posting on a web page and the policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.
Data Regulation US DE Code 6-205C
Del. Code Tit. 6 § 205C affects an operator of a commercial internet website, online or cloud computing service, online application, or mobile application that collects personally identifiable information through the Internet about individual users residing in Delaware. A company must make its privacy policy conspicuously available on its internet website, online or cloud computing service, online application, or mobile application.
