Categories
Coffee and Regs

Cybersecurity Awareness Month – Reducing Cyber Incidents Through Vendor Due Diligence

Categories
Life with GDPR

Jonathan’s Favorite Enforcement Action

In this episode, Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. We take up Jonathan’s (current) favorite GDPR enforcement action, involving the food delivery services Deliveroo and Foodinho, who ran afoul of the Italian data protection authority.

Some of the questions we consider include:

  1. What are the facts of the enforcement actions?
  2. What do these cases tell us about the use of AI and data privacy?
  3. What lessons can companies that use algorithmic management of staff learn?

Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

Categories
Coffee and Regs

Data Privacy & Building Compliance into the Product Development Lifecycle

Categories
Coffee and Regs

Ransomware Attacks – Cybersecurity Concerns & Best Practices to Mitigate Risk

In this episode, our team of cybersecurity experts, E.J. Yerzak and Mike Farrell, discuss the latest ransomware attacks in the news, best practices to keep your data secure and hackers out, and what to do first if your firm is hit by an attack.

About Our Guest Speakers:

E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.

Mike Farrell is a Certified Information Systems Auditor (CISA®) and Certified Information Security Manager (CISM®), and Cybersecurity Consultant at CSS. He analyzes data and conducts cybersecurity risk assessments, policy gap analyses, vulnerability scanning and social engineering testing. His information technology experience includes network installations and management, hardware and software configuration, and troubleshooting.

Categories
The Ethics Movement

Converge21 Workshop Edition- Tess Macapinlac on Embracing Data Privacy


Welcome to The Ethics Movement, a special podcast series highlighting Converge21 The Workshop Edition. This podcast series will feature some of the speakers at the event. You can find out more information about the event and register here. In this podcast, I visit with Tess Macapinlac, Privacy Associate at OneTrust, who will help the discussion on the Workshop, From Fear to Enthusiasm: Embracing Data Privacy with Confidence. Do not let fear of the unknown stop you from tackling data privacy. We’ll show you exactly where your weak spots are. It might even be fun!

Categories
Compliance and Coronavirus

Gabe Gumbs on Data Privacy and Data Protection Going Forward


Welcome to the newest addition to the Compliance Podcast Network, Compliance and Coronavirus. In this episode, I am joined by Gabe Gumbs. Gabe is the Chief Innovation Officer at Spirion. He leads the Spirion product team through strategic product development to create technologies that push data security forward in an increasingly complex digital world. Prior to his new position at Spirion, Gumbs held a range of positions in security technology, including VP of Product Management at Spirion. Other prior positions include VP of Product Strategy at STEALTHbits Technologies, and Director of Research and Products at WhiteHat Security. Gumbs also served on the Board of Advisors at eGRC.com.
In this episode, we consider some of the challenges around data in the age of Coronavirus. Gabe discusses some of the top questions about data privacy and data protection that he and his team are hearing from customers during this time of Coronavirus and economic dislocation. Gabe observes that trends which were in play have been largely amplified as a result of Covid-19, and that the attendant economic dislocation has increased trends in cybersecurity compliance. We conclude with a discussion of Spirion’s Data Discovery Agent and how it can assist companies at this point in time and into Q3 and Q4.
For more information on Spirion, check out their website here.
Check out Spirion’s Data Discovery Agent here.

Categories
Life with GDPR

CCTV and Data Privacy


In this episode, I visit with Jonathan Armstrong to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the intersection of Closed Circuit Television (CCTV) and data privacy. Some of the highlights are:

  1. CCTV is ubiquitous in the UK. Why is a DPIA so critical in GDPR compliance around this issue?
  2. What about the safety implications for CCTV?
  3. What about Subject Access Requests?
  4. Transparency is critical. This means full notice to all employees.
  5. What should be your retention policy?

Check out the Cordery Compliance client alert on CCTV and data privacy by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

Categories
Life with GDPR

Life With GDPR: Episode 27 - Bounty UK Ltd. Notice of Monetary Penalty

In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec security expert needs to know about what is happening in the UK, Europe and beyond. In this episode, I visit with Jonathan Armstrong about a recent enforcement action against Bounty UK Ltd. by the UK data protection regulator. Some of the issues and highlights are:

  1. The enforcement action came out of the Facebook/Cambridge Analytica investigation.
  2. Déjà vu all over again?
  3. Why did the company receive 80% of the highest possible fine?
  4. How does this case mimic the Emma’s Diary enforcement action?
  5. What are the lessons to be learned?

For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.