Assured SPC

Assured SPC Blogs

Latest from Assured SPC

Reasonable Security in the Law: Many laws require that businesses implement “reasonable security” practices and procedures or reasonable security safeguards. Some of these include GLBA, HIPAA, CCPA and the NY SHIELD Act. To many, the definition of reasonable security is elusive and ambiguous. I speak with many attorneys that focus on privacy and data security. Whenever I meet a new one, I ask for their definition of “reasonable security”. There is a definition based on…
The President and HIPAA: There has been a huge trend over the last couple of days on Google and, I presume, other search engines for ‘Does HIPAA apply to the President?’ The short answer is YES. The Long Answer: HIPAA affords all patients the same rights and protections, including Presidents. The HIPAA Privacy Rule ‘…establishes national standards to protect individuals’ medical records and other personal health information…’ The Privacy Rule sets limits and conditions…
Comparison of GDPR, CCPA, CPRA and PEPIDA: Comparing privacy laws can be challenging. Some US companies need to comply with GDPR. Others need to comply with the California Consumer Privacy Act, CCPA. If the California CPRA ballot initiative passes in November, US businesses that needed to comply with CCPA may need to remap their personal information (PI) to identify the locations of the newly defined Sensitive Information and to address new requirements for managing Service…
Balancing business survival, cyber risk, customer compliance, and privacy compliance: Pandemic impact on Managing Risk. Businesses of every size are dealing with a perfect storm created by the COVID-19 pandemic. Prior to the pandemic, there was a growing recognition of the need to balance business growth with risk management from cyber risk, third party compliance requirements and regulatory compliance for information security and privacy. In the Marsh-Microsoft 2019 Global Risk Perception Survey published…
New Restrictions for GDPR data in the US: Disclaimer: We specialize in operationalizing data security and privacy requirements and work closely with security and privacy attorneys, but we are not attorneys. The European Court of Justice ruled yesterday that Privacy Shield is not adequate to protect EU subject (resident) sensitive data that is transferred to the US. While commercial privacy law like the California Consumer Privacy Act or the Illinois Biometric Privacy Information Act focus…
Privacy does not have to be complicated. But board members have a fiduciary duty for their organization’s data security and privacy compliance.   Many organizations create significant financial and reputational risk for themselves through decisions on governance, cultural change and adoption of regulatory compliance requirements for consumer privacy. If the early steps of privacy compliance are done well and there is continuous focus on quality and automation, then risk and operational cost can be reduced —…
We have big problems: We try to boil down big problems into small actions. Today we see that COVID-19 cases are rising in the US. And we know that while the US has 5% of the world’s population, we currently have 25% of the cases. The proposed solution in the US is to make the problem a problem of small segments of the population. The buck doesn’t stop at the top. For a while it…
With Work from Home the new normal, is your Personal Information safe? Work from home is the new normal for many that have not lost their jobs related to the pandemic.   Knowledge workers are those that are most likely to be able to stay connected electronically and perform their jobs from a home office.  What is the impact of this change to protection of your personal information (PI)?   Should you be concerned? Many businesses capture…