As organizations begin to transition services to the cloud, there is a need for ongoing assurances from both cloud customers and cloud service providers that controls are put in place and are operating as intended. An organization’s internal audit can provide visibility into: The cloud program’s effectiveness Assurance to the board and risk management team…
Data Privacy: Maturity Model
Previous article in series – Data Privacy: Standard Requirements Maturity models are a recognized means by which organizations can measure their progress against established benchmarks. As such, they recognize that: Becoming compliant is a journey and progress along the way strengthens the organization, whether the organization has achieved all of the requirements or not In…
Data Privacy: Standard Requirements
Previous article in series – Data Privacy: Jurisdictional Differences When an organization embarks upon a path designed to improve its security posture, operational efficiency, or cultural behavior, there are many established codes of practice that can be utilized. Some of these codes of practice or guidelines come with the capability of certification. ISO/IEC 27018:2019 ISO/IEC…
Data Privacy: Jurisdictional Differences
Previous article in series – Data Privacy: EU–U.S. Privacy Shield, HIPAA, GLBA Jurisdictional variances become evident during cases involving cross-border data requests or cases of contention. Even between states in the same country there can be differences in data privacy. Section 2511 of Title 18 of the U.S. Federal Government’s legal code prohibits the unauthorized…
Data Privacy: EU–U.S. Privacy Shield, HIPAA, GLBA
Previous article in series – Data Privacy: Australia and New Zealand Privacy Principles The EU–U.S. Privacy Shield decision was adopted on July 12, 2016, and the Privacy Shield framework became operational on August 1, 2016. This framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States…
Data Privacy: Australia and New Zealand Privacy Principles
Previous article in series – Data Privacy: African & Asia-Pacific Legislations Regulations in Australia and New Zealand make it extremely difficult for enterprises to move sensitive information to cloud service providers that store data outside of Australian/New Zealand borders. The Office of the Australian Information Commissioner (OAIC) provides oversight and governance on data privacy regulations…
Data Privacy: African & Asia-Pacific Legislations
Previous article in series – Data Privacy: Contractual and Regulated Private Data African Personal Data Protection Nearly two-thirds of the 54 nations of the African continent has data privacy protection as a regulation, is in process of making it, or has it as part of their constitutions. For the nations that have data protection mechanisms,…
Data Privacy: Contractual and Regulated Private Data
Previous article in series – Data Privacy: Evolution and History of Modern Data Privacy Contractual and regulated data may coexist within a single complementary context; a contract may be formulated to enforce the adherence to a regulation or set of regulations and a regulation may define the need to have contractual relationships between provider and…
Data Privacy: Evolution and History of Modern Data Privacy
Modern data privacy has a history that goes back to a time before the World Wide Web and when the internet was more a nascent concept than a global tool. The First Data Protection Law In 1970 the German state of Hesse enacted the first data protection act in the world known as Datenschutzgesetz (DSG;…
Digital Forensics: Chain of Custody & Nonrepudiation
Previous article in series – Digital Forensics: Evidence Management Chain of custody of evidence refers to the chronological documentation or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence. Chain of custody should clearly depict how the evidence was collected, analyzed, and preserved so it can be presented…