Category Archives: Compliance & Regulation

[White Paper] Let Varonis Be Your EU GDPR Guide

Everyone knows that when you travel to a strange new country, you need a guide. Someone to point out the best ways to move around, offer practical tips on local customs, and help you get the most out of your experience. The EU General Data Protection Regulation (GDPR) is a country with its own quirky rules (and steep fines if you don’t do things just right). So may we suggest using Varonis to help you…

New SEC Guidance on Reporting Data Security Risk

In our recent post on a 2011 SEC cybersecurity guidance, we briefly sketched out what public companies are supposed to be doing in terms of informing investors about risks related to security threats and actual incidents. As it happens, late last month the SEC issued a further guidance on cybersecurity disclosures, which “reinforces and expands” on the older one. Coincidence? Of course! But it’s a sign of the times that we’re all thinking about how…

North Carolina Proposes Tougher Breach Notification Rules

If you’ve been reading our amazing blog content and whitepaper on breach notification laws in the US and worldwide, you know there’s often a hidden loophole in the legalese. The big issue — at least for data security nerds — is whether the data security law considers mere unauthorized access of personally identifiable information (PII) to be worthy of a notification. This was a small legal point until something called ransomware came along. You have…

How to Discover GDPR Data With Varonis

GDPR goes into effect in less than 85 days – but there’s still time to prepare. The first step in getting ready for the upcoming deadline is to discover and classify your GDPR data. More often than not, we’re seeing that customers have much more GDPR-eligible data than they thought they had – or even knew existed. A recent GDPR Readiness Assessment for a mid-sized insurance company revealed some eye-opening results. In the below…

Post-Davos Thoughts on the EU NIS Directive

I’ve been meaning to read the 80-page report published by the World Economic Forum (WEF) on the global risks humankind now faces. They’re the same folks who bring you the once-a-year gathering of the world’s bankers and other lesser humanoids held at a popular Swiss ski resort. I was told there was an interesting section on … data security. And there was. Data security is part of a report intended to help our world…

SEC Guidance on Cyber Incidents and Risk Disclosures

You know, because you read it here in the IOS blog, that in the US data breach reporting is not nearly as strict and comprehensive as in the EU. At the federal level, we have tough rules for reporting incidents involving medical data (HIPAA) and less tough ones for financial data (GLBA). At the state level, there is a patchwork of notification laws for the exposure of a select set of identifiers. And that’s it!…

New Survey Reveals GDPR Readiness Gap

With just a few months left to go until the EU General Data Protection Regulation (GDPR) implementation deadline on May 25, 2018, we commissioned an independent survey exploring the readiness and attitudes of security professionals toward the upcoming standard. The survey, Countdown to GDPR: Challenges and Concerns, which polled security professionals in the UK, Germany, France and U.S., highlights surprising GDPR readiness shortcomings, with more than half (57%) of professionals still concerned about compliance. Findings…

Do Your GDPR Homework and Lower Your Chance of Fines

Advice that was helpful during your school days is also relevant when it comes to complying with the General Data Protection Regulation (GDPR): do your homework because it counts for part of your grade! In the case of the GDPR, your homework assignments involve developing and implementing privacy by design measures, and making sure these policies are published and known about by management. Taking good notes and doing homework assignments came to my mind when…

[Podcast] Privacy Attorney Tiffany Li and AI Memory, Part II

Tiffany C. Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes and speaks on the privacy implications of artificial intelligence, virtual reality, and other technologies. Our discussion is based on her recent paper on the difficulties of getting AI to forget. In this second part, we continue our discussion of GDPR and privacy, and examine ways to bridge the gap between tech and law. We then explore…

GDPR Data Breach Guidelines

The General Data Protection Regulation (GDPR) is set to go into effect in a few months — May 25 2018 to be exact. While the document is a great read for experienced data security attorneys, it would be nifty if we in the IT world got some practical…

GDPR By Any Other Name: The UK’s New Data Protection Bill

Last month, the UK published the final version of a law to replace its current data security and privacy rules. For those who haven’t been following the Brexit drama now playing in London, the Data Protection Bill or DPB will allow UK businesses to continue to do business with the EU after its “divorce” from the EU. The UK will have data rules that are effectively the same as the General Data Protection Regulation (GDPR),…