In a previous blog post, I discussed the two main areas to audit before the European Union’s updated Network and Information Security Directive (NIS2) becomes ratified law in October 2024. Specifically, these audits would:
1. Identify your gaps against the NIS2 directive’s requirements now.
2. Review your current supply chain security flaws.
Now that we’ve discovered these security flaws, we must fix them — before time runs out in October 2024.
You have probably heard about the European Union’s updated Network and Information Security Directive (NIS2). This directive will translate into active law in October 2024. You should be ready for it, as there are high fines and sanctions for non-compliance. But you might be tempted to think that October 2024 is far away, right? Think twice. After all, how can you know whether you have plenty of time to prepare if you don’t know how well you currently comply with the projected regulations?
This post was co-written by Nazhin Beiramee, Jazmin Childress, Kevin Clark, and Nick Weiss. Advancements in technology, along with the ever-changing political landscape (e.g., the Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government, the billions in funding to support this mandate, and a potential administration change after the 2024 election), uncover new needs, opportunities, and demands for government organizations.
Not to be confused with the popular children’s TV character, DORA is a new EU regulation for the financial sector, which stands for the Digital Operational Resilience Act. DORA became law on 16 January 2023 and will start to apply from 17 January 2025, so it’s crucial that senior executives in the financial sector, such as Chief Risk Officers and Chief Information Security Officers, understand its implications and prepare for compliance from day one.
Meta, the parent company of Facebook, has been fined a record €1.2 billion ($1.3 billion) by the European Union for violating its data privacy laws. The fine was issued by Ireland’s Data Protection Commission, which is Meta’s lead regulator in the EU, and is the largest ever levied under the EU’s General Data Protection Regulation (GDPR), which went into effect in 2018.
President Joe Biden signed the Strengthening American Cybersecurity Act into law in March of 2022. The Act consists of various regulations, but it’s the security incident reporting requirements that are creating a stir in the IT community. Currently, the reporting requirements are focused on critical infrastructure, but there is a great deal of potential that entities in various industries could ultimately be subject to these requirements.
When the General Data Protection Regulation (GDPR) and the ePrivacy Directive (EPD) were updated, we saw a proliferation of “cookie consent” banners crop up on websites as a direct result. The key part of the GDPR relating to this change is Recital 30: Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags.