Aug 18 2023

What Are Your Data Breach Notification Requirements?

Category: Data Breach | disc7 @ 9:47 am

Data breach notification requirements are complex in the US, with various federal and state laws containing different requirements for when security incidents must be disclosed.

Some even have substantially different definitions for what a ‘data breach’ or ‘personal data’ is.

As such, it can be hard to know whether you need to report an incident, let alone how you should go about it.

We address these issues in this blog, bringing some much-needed clarity to the subject.

State laws on data breach notification

There is no single set of data protection laws in the U.S., with the rules instead comprised of a patchwork of industry-specific federal laws and state legislation.

To complicate matters further, several states have created new laws in recent years to bolster data protection requirements. For instance, New York has created the SHIELD Act, while Colorado and California have both created data privacy legislation.

Elsewhere, the U.S. government is attempting to unify data protection requirements with its National Cybersecurity Strategy.

The decision to revise data protection laws follows the introduction of the EU GDPR (General Data Protection Regulation) in 2018, which radically shifted organizations’ requirements.

Organizations in the U.S. that process EU residents’ personal data are required to comply with the GDPR, and those that conduct business across state lines will face similar compliance challenges.

You can find a summary of each state’s data breach notification laws on our website, along with links to the texts themselves.

The GDPR is particularly important here, because many organizations in the U.S. assume that it only applies in the EU. However, its requirements apply to any organization that processes EU residents’ personal data, which is particularly common for organizations that have an online presence.

GDPR compliance is also helpful for managing the patchwork of U.S. data protection legislation. Its requirements are far stricter than any domestic laws, so achieving GDPR compliance will cover you for a range of other requirements.

You can learn more about the GDPR and the ways it can help you meet your data protection requirements by reading General Data Protection Regulation (GDPR) – A compliance guide for the US.

This free guide explains how and when the GDPR applies in the U.S. and the steps you can take to ensure your organization meets its obligations for transatlantic data processing.

You’ll also learn about the Regulation’s core principles and data subject rights, and the benefits of GDPR compliance.

We also provide tips on how to write your data privacy notice and on how to further your understanding of the Regulation’s compliance requirements.


CISSP training course

InfoSec tools | InfoSec services | InfoSec books | Follow our blog

Tags: CPRA, Data Breach Notification Requirements, Data Privacy Solutions, gdpr, hipaa

Aug 17 2023

Data Privacy Solutions

Category: Information Privacy, Security and Privacy Law | disc7 @ 10:09 am

Your data is an asset. Safeguarding it will help you comply with data protection laws and allow your business to thrive.

A global leader in privacy guidance, audits, tools, training and software

IT Governance is a market leader in data privacy and cyber security solutions. Their broad suite of offerings is one of the most comprehensive in the world.

ITG’s affordable solutions have helped numerous individuals and organizations understand the practical aspects of data privacy. With substantial legal and technical proficiency, coupled with a 15-year history in cybersecurity risk management, ITG gives its customers complete confidence in entrusting it with their needs.

Speed up your compliance initiatives for the GDPR, CPRA, ISO 27701 and other regulations by using ITG’s collection of top-performing tools, templates and eBooks.

Templates and Tools

Training and staff awareness

Check out our ISO 27701 related posts to assess and build your PIMS

Check out our previous posts on CPRA

Check out our previous posts on GDPR


Tags: CCPA, CPRA, data privacy, Data Privacy Solutions, gdpr, ISO 27701

Jan 13 2022

CPRA Cheat sheet

Download ISO/IEC 27701 2019 Standard and Toolkit

CPRA compliance gap assessment tool 

Tags: CPRA, CPRA Cheat sheet, CPRA compliance gap assessment tool, ISO 27701 2019 Standard and Toolkit

Jan 27 2021

ISO Self Assessment Tools

Category: ISO 27k, Security Tools | DISC @ 3:49 pm

The ISO self-assessment tools list includes, but is not limited to, Privacy, ISO 27001, ISO 9001 and ISO 14001, as well as the ISO/IEC 27701 2019 Standard and Toolkit.

Tags: CPRA, Gap assessment tool, Information Privacy, ISO 14001, iso 27001, ISO 27001 2013 Gap Assessment, ISO 27701 Gap Analysis Tool, iso 9001, iso assessment, Security Risk Assessment

Dec 01 2020

Consumer Rights under the CALIFORNIA PRIVACY RIGHTS ACT (CPRA) OF 2020

Category: Information Privacy | DISC @ 3:21 pm

Purpose and Intent. In enacting this Act, it is the purpose and intent of the people of the State of California to further protect consumers’ rights, including the constitutional right of privacy. The implementation of this Act shall be guided by the following principles:

Consumer Rights

  1. Consumers should know who is collecting their personal information and that of their children, how it is being used, and to whom it is disclosed, so that they have the information necessary to exercise meaningful control over businesses’ use of their personal information and that of their children.
  2. Consumers should be able to control the use of their personal information, including limiting the use of their sensitive personal information, the unauthorized use or disclosure of which creates a heightened risk of harm to the consumer, and they should have meaningful options over how it is collected, used, and disclosed.
  3. Consumers should have access to their personal information and should be able to correct it, delete it, and take it with them from one business to another.
  4. Consumers or their authorized agents should be able to exercise these options through easily accessible self-serve tools.
  5. Consumers should be able to exercise these rights without being penalized for doing so.
  6. Consumers should be able to hold businesses accountable for failing to take reasonable precautions to protect their most sensitive personal information from hackers and security breaches.
  7. Consumers should benefit from businesses’ use of their personal information.
  8. The privacy interests of employees and independent contractors should also be protected, taking into account the differences in the relationship between employees or independent contractors and businesses, as compared to the relationship between consumers and businesses. In addition, this law is not intended to interfere with the right to organize and collective bargaining under the National Labor Relations Act. It is the purpose and intent of the Act to extend the exemptions in this title for employee and business-to-business communications until January 1, 2023.

Adds a right to opt out of automated decision-making technology, in connection with decisions related to a consumer’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements. Opt-out right explicitly extends to sharing of PI used for cross-context behavioral advertising.

Strengthens opt-in rights for minors. Extends the opt-in right to explicitly include the sharing of PI for behavioral advertising purposes. As with the opt-out right, businesses must wait 12 months before asking a minor for consent to sell or share his or her PI after the minor has declined to give it.

For full details, download a PDF of THE CALIFORNIA PRIVACY RIGHTS ACT OF 2020 (Amendments to Version 3).

California Privacy Rights Act (CPRA): 10 Big Impacts on Your Business