Category: Compliance Standards

Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.

  • Data Protection & Social Media: How GDPR Influences Today’s Social Media Platforms

    Roughly 57% of the global population now have access to the internet. While being connected to the largest database in the world does bring a host of advantages, it does come at a price. Recent statistics revealed that about 53% of online users are currently more concerned about their online privacy compared to a year ago.

  • HITRUST: Common Security Framework

    Roughly 38,000 Common Security Framework (CSF) assessments have been performed in the last three years. The Health Information Trust Alliance (HITRUST) is expecting a continuous demand for CSF certification thanks to the third-party assurance requirements from major health organizations. 

  • Active Consent Required for Storing Cookies in the EU

    The Court of Justice of the European Union has ruled that website users must give active consent for cookies to be stored on their equipment.

    The European Union’s Ruling

    The European Union Court Rules that Active Consent is Required for Storing Cookies.

    Big changes with regard to privacy are coming out of the EU. A press announcement from the Court of Justice of the European Union reveals that internet users must give active consent before cookies are stored on their equipment. The court ruled that a pre-checked box that the user must deselect in order to refuse his or her consent does not constitute active consent.

    This ruling was the judgment in Case C-673/17, Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband eV v Planet49 GmbH.

    Cookies, of course, are files that websites store on the site user’s computer that the website provider can access when the user visits the website again. The purpose is to facilitate transactions or navigation of the site or to access information about the user’s behavior.

    Whether or not the information stored or accessed on the user’s equipment is personal data does not affect the decision.

    The Court stated that consent must be specific. Therefore, a user selecting a button to participate in, say, some sort of promotion does NOT mean that the user gave his or her consent to the storage of cookies.

    In addition, the Court decided that website service providers must inform users of the duration of the operation of cookies and whether or not third parties may have access to those cookies.

    Want to learn more about compliance with EU regulations like GDPR? Contact RSI Security today.

  • How to Prevent a Data Breach At a Cannabis Dispensary

    Recent numbers indicate that the global legal marijuana market is expected to reach $146.4 billion by the end of 2025. A survey by Grand View Research further added that medical marijuana will likely dominate the market a few years from now with a projected value of $66.3 billion.

  • SOC 2 Auditing Guide

    Data is growing faster than it ever has before. But it is starting to become the biggest risk of every organization. The convenience and collaboration of using data stores in the cloud means that companies and hackers have more information and more access to it by design. 

  • Consumer Rights Under CCPA: What You Need to Know

    Is your business ready for the California Consumer Privacy Act (CCPA)? If you handle consumers’ personal information, resolve to get in compliance before it’s too late. Starting January 1, 2020, consumers are going to be entitled to protection from companies selling personal information to other third-party companies without their knowledge. They are also going to be entitled to relief from wrongful sharing of their personal information, whether or not it was leaked on purpose. Read on to find out what these new protections are and what you can do about them to reduce your liability.

  • Should My Company Become A HITRUST Assessor?

    Companies that broadly occupy the security space might consider a new service they could offer at the intersection of healthcare and cybersecurity: becoming a HITRUST assessor.

    All kinds of personal data already live online, but now we’re faced with medical categories of data being usefully stored there as well. And the cynics and realists alike know that anything stored online is fundamentally vulnerable to cyber attacks.

  • How To Prepare For A HITRUST Audit?

    Healthcare organizations pursue HITRUST certification because they want to demonstrate productive forward motion on cybersecurity mindfulness. A mark of HITRUST compliance means that a business has taken steps to interrogate its technological infrastructure for flaws and potential improvements.

  • Challenges of Managing Personally Identifiable Information

    It’s difficult in the current technological environment to determine what falls under private or personal information, especially considering how many social media platforms exist. People post a plethora of information about themselves, causing the concept of privacy to become skewed. All of this information provides companies with a window into the consumers’ minds and consequently their wallets. But with information collection comes the responsibility to protect personal data from malicious individuals.

  • Everything You Need to Know About Service Organization Control Reporting

    System and Organization Controls (SOC) reports are an essential method for service organizations to build trust and confidence in software and service delivery processes and controls that protect information and systems against risks, including unauthorized access and damage to systems. The SOC report framework, previously referred to as Service Organization Controls, was developed by the American Institute of Certified Public Accountants (AICPA) to be managed by independent third-party certified public accountants (CPAs).
