by Sabine Zimmer | March 4, 2019 | Data & Cybersecurity, Privacy, Public Policy
Trying to predict the privacy weather report for third party risk? The dialog on online privacy is heating up in Washington D.C. this week as hearings and industry discussion on the merits of federal privacy legislation were prompted in the wake of the passage of the California Consumer Privacy Act ....
by Sabine Zimmer | February 22, 2019 | Public Policy
Last August, Governor John Kasich signed the Ohio Data Protection Act into law. The law creates a safe harbor that insulates “covered entities” from tort liability under Ohio state law if they “create, maintain, and comply with a written cybersecurity program” t ....
by Sabine Zimmer | February 13, 2019 | California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), Public Policy
Santa Fe Group Third Party Risk expert, Tom Garrubba, recently contributed to Corporate Compliance Insights for his take on the recently released Cisco Data Privacy Benchmark Study Read the full article. Those of us in the privacy profession knew it was only a matter of time that privacy-mind ....
by Linnea Solem | January 24, 2019 | Data, Data & Cybersecurity, Data Privacy Day
Each year on January 28th, the world celebrates Data Privacy Day (DPD), led by the National Cyber Security Alliance in North America. This international effort creates awareness about the importance of respecting privacy, safeguarding data, and enabling trust. The focus this year is on the value of ....
November 15, 2018 | Cyber Insurance, Cyber Risk, Data & Cybersecurity
As cybersecurity programs become more integrated into enterprise risk management (ERM) programs, security professionals grapple with new issues. Rather than relying on fear, uncertainty and doubt (FUD) to fuel their business case for budget increases, cybersecurity leaders are striving to quantify t ....
by Sabine Zimmer | November 13, 2018 | California Consumer Privacy Act (CCPA), Data, Data & Cybersecurity, General Data Protection Regulation (GDPR), Privacy, Public Policy
Might the U.S take a page from the European Union’s (E.U.) data privacy playbook? Could the California Privacy Act spread to the rest of the country? These possibilities were on the minds of participants in recent Congressional hearings concerning data privacy. The European Union’s (EU’s) G ....
by Sabine Zimmer | October 26, 2018 | California Consumer Privacy Act (CCPA), Cybersecurity, Data & Cybersecurity, Internet of Things (IoT), Privacy, Public Policy, Regulations, Regulatory Requirements
The California State Legislature recently completed a data privacy/data security two-step by passing two new laws with significant third party risk management implications for a broad collection of companies. In late September, California enacted what some are referring to as the country’s firs ....
by Sabine Zimmer | September 19, 2018 | Data & Cybersecurity, Data Breach, Public Policy, Regulations, Third Party Risk Management, Tools & Templates, Vendor Risk Management Maturity Model (VRMMM)
Tick Tock. It’s that time of year again. Summer’s heat waves are retreating, school is in session, and budget planning is well underway for 2019 and beyond. Each year organizations typically take focused time during Q3/Q4 to evaluate their strategic plans; monitor the evolving risk environment; ....
by Sabine Zimmer | September 18, 2018 | Contracts, Third Party Risk Management
While walking outside on my way to an early meeting, between sips of coffee I was additionally jarred awake by a passing car with the music of Van Halen blaring through the speakers. As a fan of “early” Van Halen, I snickered to myself recalling the legend of the “Brown M&M’s” in their ....
by Sabine Zimmer | August 31, 2018 | General Data Protection Regulation (GDPR), Public Policy
As the European Union’s (EU’s) General Data Protection Regulation (GDPR) May 25 effective date approached this spring, its sweeping compliance requirements socked U.S. companies with major surprises. The regulation’s global jurisdictional reach, EU-specific definition of “sensitive data,” ....