William Gamble Archive
This is a guest article by IT Governance USA GDPR Consultant William Gamble. I am one of the few lawyers with an advanced certification in cybersecurity. I help organizations identify and comply with relevant cybersecurity and privacy laws. Four years …
Third-party risk management focuses on identifying and reducing risks relating to vendors, suppliers, partners, contractors, and service providers. It has become more important than ever due to the growing trend in third-party data breaches. Incidents such as the SolarWinds hack …
Last month, the U.S. Congress passed the CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act of 2022), which requires organizations involved in critical infrastructure to report cybersecurity incidents within 72 hours. Jen Easterly, the head of the CISA (Cybersecurity and …
There is a growing trend for organizations to invest in and promote positive social movements. Enter ESG (environmental, social, and governance) management. Organizations receive good ESG ratings for having a positive effect on society. This includes reducing their carbon footprint, …
Legislatures follow trends. Four years ago, there were only two U.S. state legislatures that proposed bills to protect consumer data. This year, there have been 34. Unfortunately, only three states – California, Virginia, and Colorado – have passed such bills. …
Litigation following a data breach is like adding insult to injury. The incident damages your reputation and slows your business as you try to correct the issues. Then you have to pay for litigation expenses and perhaps a destructive award. …
There are few federal incident response laws. The U.S. Congress tried to change that last year. Both Republicans and Democrats have expressed a desire to pass cybersecurity incident reporting legislation, either as a standalone bill or as part of another …
Although laws such as the CPRA (California Privacy Rights Act) and Illinois BIPA (Biometric Information Privacy Act), which provide private rights of action, have been enormously successful in helping plaintiffs sue for damages from a cybersecurity breach, for most U.S. …
In a recent blog, we discussed the laws that enable individuals affected by data breaches to receive compensation. There are three main methods to do this. The first is to use laws that allow private rights of action. The second …
I am a big fan of the SANS Daily Network Security Podcast (Stormcast) with Dr. Johannes Ullrich. Dr. Ullrich provides an overview of organizations that have been hacked that day and how they happened. What he doesn’t explain, though, is …
