Building an Enterprise Privacy Framework

Chris Jurs, VP of our Data Privacy practice, and Donel Martinez, a Director in our Risk Consulting group, discuss practical ways organizations can leverage the NIST Privacy Framework to build an enterprise-wide privacy strategy. This conversation is designed for privacy, audit, and compliance professionals.

More Changes Coming to the CCPA

2020 has been a major year for the California Consumer Privacy Act (CCPA). After two years of anticipation, the CCPA went into effect on January 1, 2020 and then enforcement for the law began six months later on July 1, 2020. The Attorney General also submitted the final proposed regulations for the CCPA to the Office of Administrative Law (OAL) on June 1, which were approved and went into effect two months later on August 14, 2020.

How to Achieve the CMMC Level 2 Certification

Under the Cybersecurity Maturity Model Certification (CMMC), all DoD contractors are required to be evaluated on the maturity and reliability of their cybersecurity infrastructure, earning certifications ranging from Level 1 (basic cyber hygiene) to Level 5 (advanced security). The five CMMC certification levels are tiered, so the requirements and processes for each level build upon the previous. Future DoD contracts will indicate the certification level required to bid, and only companies certified to the level specified or higher will be allowed to submit a proposal for those contracts.

Detecting and Preventing MageCart Attacks

A practical look at MageCart attacks (and other similar attack methods) and the controls and tools to identify and stop them...

Webinar: A Buyer’s Guide to Penetration Testing

Whether you're looking to refresh your pen testing routine or to integrate a new type of test (maybe application testing or device testing), buying a pen test doesn't have to be painful. In this webinar, Jeremy Archer, Managing Director of our Cyber Defense practice, sits down with sales leader Scott Maxwell to discuss how to shop for a pen test. Jeremy and Scott have worked with a wide range of business leaders - from audit directors to CISOs - and have designed this conversation to connect with everyone, whether you're buying your first pen test or your fiftieth.

How to Achieve the CMMC Level 1 Certification

Each year, roughly $600 billion is lost because of cyberattacks. In a push to protect the U.S. defense supply chain from both foreign and domestic cyber threats and security risks, the Department of Defense (DoD) created the Cybersecurity Maturity Model Certification (CMMC). This new unified standard will ensure the more than 300,000 companies in the Defense Industrial Base (DIB) supply chain have adequate practices and processes in place to protect sensitive defense information.

The Final Countdown: The CCPA’s Employee Information Exemption Ends in January

Updated October 19: On September 30, 2020, the California Attorney General signed AB 1281 into law extending the exemption on employee rights until January 1, 2022. In October 2019, the California legislature passed Assembly Bill 25, an amendment that exempts employers from complying with certain CCPA requirements when it comes to the data of employees and job applicants. AB 25 was set to sunset on January 1, 2021, after which employee personal information would be granted the same rights and protections as consumer personal information as set forth by the CCPA. In the rush to comply with the CCPA this year, many businesses took advantage of this amendment and put these employee data requirements on the backburner. However, this deadline was recently extended until January 1, 2022.  Companies will be able to continue to delay compliance efforts with this exemption for another year, as the California Attorney General recently signed Assembly Bill 1281 into law, extending the exemption on employee rights until January 1, 2022. Employee information under the CCPA covers a large swath of data and significant individual rights, so despite having another year to prepare, organizations should not delay compliance efforts for employee information too long. Keep reading to ensure your organization understands all the CCPA’s requirements for employee personal information and is prepared to comply before they go into effect.

The California Privacy Rights Act (CPRA): Is it the CCPA 2.0?

Companies have barely had time to catch their breath since the California Consumer Privacy Act (CCPA) took effect this year, and California is already looking to pass a second, possibly tougher law. Many considered the CCPA to be the strictest privacy law ever in the U.S., which may not be true soon. Instead, the California Privacy Rights Act (CPRA), often referred to as “CCPA 2.0,” could earn that title if passed in the November general elections. Backed by the Californians for Consumer Privacy (the group that first drafted the CCPA), the CPRA would amend the CCPA, creating new privacy obligations for organizations and significantly expanding the rights of consumers. If approved by voters this November, the CPRA would go into effect on January 1, 2023, but certain provisions like those pertaining to the collection of personal information would go into effect immediately. Therefore, companies will once again need to update their privacy programs in order to comply with an even more rigorous set of data protection requirements. In this blog, we’ll take a closer look at the CPRA, how the law compares to the CCPA, and what your company can do now to prepare if it passes in November.