All

Sector - Small Business

Sector - Nonprofits

Sector - Senior Living

Sector - Hotels

Sector - Healthcare

Sector - Biosecurity

Cybersecurity

Data Security

User Access & Privileging

Health and Safety

Manufacturing & Machinery

Supply Chain

Process Governance

Financial Discipline

Human Resources

Continuity & Recovery

Compliance

Artificial Intelligence

Data Regulations

Data Management

Software Development

Ethics & Sustainability

Getting Started

Data Regulation US HBNR

The Federal Trade Commission (FTC), the nation’s consumer protection agency, has issued the Health Breach Notification Rule to require certain businesses not covered by HIPAA to notify their customers and others if there’s a breach of unsecured, individually identifiable electronic health information. This FTC rule does not apply if you are a HIPAA covered entity or to the extent you are acting as a HIPAA business associate.

Data Regulation US Red Flags Rule

Identity Theft Red Flags Rule requires financial institutions to implement a program to detect, prevent, and mitigate identity theft.

Data Regulation US SOX 404

The goal of SOX 404 is to implement accounting and disclosure requirements that increase transparency in corporate governance and financial reporting. Focus is on a company's formal system of internal checks and balances. Information technology (IT) controls are specific activities performed by persons or systems to ensure that business objectives are met. IT control objectives relate to the confidentiality, integrity, and availability of data.

Data Regulation US CCPA

The new California data privacy act SB1386 or AB-375 was effective Jan 1, 2020. The CCPA focuses exclusively on data collection and privacy. Citizens have the right to bring a civil action against companies that violate the law.

Data Regulation CAN CASL

The Canadian law sets clear requirements for all commercial emails. The Canadian Radio-television and Telecommunications Commission (CRTC) works hand in hand with its international counterparts—including agencies in the U.S., U.K., and Australia—to investigate and enforce violations of CASL by international senders.

Data Regulation US Privacy Shield

The EU-U.S. Privacy Shield Framework provides a method for companies to transfer personal data to the United States from the European Union (EU) in a way that is consistent with EU law. To join the Privacy Shield Framework, a company must self-certify to the Department of Commerce that it complies with the Privacy Shield Principles. Requirements of the EU-U.S. and Swiss-U.S. Privacy Shield are the same.

Data Regulation US COPPA

Children's Online Privacy Protection Act requires websites that collect information on children under the age of 13 to comply with the Federal Trade Commission (FTC). The FTC determines whether a website is geared towards children by reviewing its language, content, advertising, graphics, features, and intended audience. The law also affects general interest sites looking to collect information from children, whether the site’s operators mean to do so or not. A company must have certain information in their privacy policy and get parental consent before collecting some types of information from children.

Data Regulation US GLBA

The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

Data Regulation US Disposal Rule

Any large or small business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule. The Rule requires the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” The Disposal Rule requires disposal practices that are reasonable and appropriate.

Data Regulation US CAN-SPAM

The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations. It covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service."