INSIDER THREAT SECURITY BLOG

A data subject access request (DSAR) is a common requirement in privacy regulations today. It grants individuals the right to request all the personally identifiable information (PII) an organization has gathered about them, along with how the organization is using that data and who they’ve shared it with. Responding to DSARs can be a daunting task for any organization. In fact, Gartner reports that manually processing a single request costs organizations more than $1,400 and takes most…

The push for data privacy regulation has exploded in recent years, with the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) taking center stage. Gartner predicts  “ By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today.” For much of the world, this regulatory shift will have a substantial impact on the way businesses collect and process information. However, organiz…

Following in the footsteps of GDPR, CCPA, and LGPD, South Africa’s data privacy law, Protection of Personal Information Act (POPIA), took effect on July 1st, 2020, with an effective date for enforcement of July 1st, 2021. What this means is that affected organizations have a year to prepare and should take advantage of the grace period to stay ahead of requirements. POPIA is modeled after the EU’s GDPR, as many recent data privacy laws and frameworks have been. By doing so POPIA grants use…

It can be difficult to keep up with all the data privacy regulations across the globe, and failure to comply can result in heavy fines and other punishments. This growth of global data privacy laws represents major progress for consumer rights and gives organizations who comply a chance to earn trust from their customers. This brings us to the most recent major data privacy law to go into effect – Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD). Originally the regulation was set to…

Just days before the enforcement of the California Consumer Privacy Act (CCPA) began on July 1st, 2020, the California Privacy Rights Act (CPRA) received enough signatures to qualify to be on the November ballot. This ballot initiative, also referred to as Prop 24, was drafted by the non-profit organization Californians for Consumer Privacy, and looks to extend and clarify several of the provisions in existing California privacy law.  If this measure is approved, it w…

Article 35 of the EU General Data Protection Regulation (GDPR) describes the requirement for organizations to “carry out an assessment of the impact of the envisaged processing operations on the protection of personal data”. This process referred to as a Data Protection Impact Assessment (DPIA), is an integral component of the GDPR, and if not carried out when required, can leave an organization open to enforcement action such as potentially steep fines.    In this blog…

The push for data privacy has exploded in recent years, with regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) leading the charge. This means consumers around the globe are gaining rights regarding how their data is collected, stored, and sold, as well as more ways to hold companies accountable when poor data security practices lead to data breaches involving their personally identifiable information (PII)…

A term popularized by the EU’s General Data Protection Regulation (GDPR), a Data Subject Access Request, also known as a DSAR, is an individual’s right to request information on personally identifiable information (PII) an organization has gathered about them, how that organization is using that data, and who that data has been shared with. PII includes names, social security numbers, phone numbers, behavioral data, and more; pretty much anything that can be used to identify a specific indivi…

Europe’s top court, the Court of Justice of the European Union, recently struck down the EU-US data privacy arrangement known as Privacy Shield, which many organizations rely on when transferring data from the EU to the United States. Privacy Shield was enacted in 2016 to replace the Safe Harbor Privacy Principles, which was declared invalid by the same court in 2015. In addition to replacing Safe Harbor, it aimed to protect the fundamental rights of anyone in the EU whose personal da…

As more and more attacks are occurring each year with a record 4.1 billion records breached in just the first half of 2019, according to Forbes– data security regulation is becoming more of a priority. Just as we suspected with the signing of the GDPR regulation in the EU, similar regulation has sprung up in the U.S with the CCPA on the west coast in California and most recently spreading to the east coast in New York with the signing of the ‘Stop Hacks and Improve Electronic Data Security’ o…