Placing data on the cloud always sounds like a great idea – many big companies are doing it and there seems to be endless space. However, like any other online platform, there are security issues to be addressed for a SaaS business. SaaS security issues could range anywhere from data…

What is the GDPR? The General Data Protection Regulation (GDPR) is a European Union law that went into effect on May 25, 2018. It demands companies to protect personal data and enforce the privacy rights of anyone on EU State’s territory. The regulation includes seven data protection principles that must…

What is the CCPA Act? The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that governs how businesses all over the world may handle California residents’ personal information (PI). The CCPA went into effect on January 1, 2020. It is the first law of its kind in…

What is the NIST Privacy Framework? The National Institute of Standards and Technology (NIST) recently released The Privacy Framework, which assists organizations in prioritizing privacy threats and outcomes, and achieving privacy goals regardless of company size, market, or industry. ​ Although organizations might have implemented the NIST Cybersecurity Framework (CSF),…

What is FERPA? The Family Educational Rights and Privacy Act (FERPA) of 1974, also known as the Buckley Amendment, is a Federal privacy law that protects the privacy of student education records.  “Education records” directly relate to a student and are maintained by an educational institution or by a party…

What is the ISO/IEC 27701 Standard? ISO/IEC 27701 establishes guidelines and describes standards for implementing, designing, maintaining, and continuing to improve a Privacy Information Management System as a complement to ISO/IEC 27001 and ISO/IEC 27002 for the management of privacy within organizations (PIMS). The original version of this standard was…