Legislation

veracode

New Cybersecurity Executive Order: What You Need to Know

Last night, the Biden administration released an executive order on cybersecurity that includes new security requirements for software vendors selling software to the U.S. government. These requirements include security testing in the development process and a bill of materials for the open source libraries in use, so known vulnerabilities are disclosed and able to be tracked in the future. Without following these standards, companies will not be able to sell software to the federal government.

reciprocity

Why SOX Compliance is Required

The Sarbanes-Oxley Act is a federal law that applies to all publicly traded businesses in the United States. It imposes sweeping corporate governance standards on those businesses, to improve accountability in the boardroom and senior management ranks and to make corporate financial statements more reliable.

veracode

Executive Order on Cybersecurity Is Imminent: It's Been a Long Time Coming

Following President Biden’s address to Congress last night in which he referenced cybersecurity as a priority twice, news is circulating today that the executive order on cybersecurity is imminent. This news comes as a much awaited and long overdue step towards creating standardization and structure around cybersecurity.

bearer

What is a ROPA, why you need one, and how to make the process easier.

Working toward GDPR compliance means taking inventory on the data you collect and process. You've mapped your data, have a catalog of impact assessments, but now you need a way to present it in a way that regulators can look over. As far as the general data protection regulation (GDPR) is concerned, every piece of data processing you do needs a record, and those records are stored in a record of processing activities (ROPA). Regulators use a ROPA to get a full picture of your data processing.

calligo

Data Privacy Update: Virginia Consumer Data Protection Act (VCDPA) in global context

And so it continues. Last month, Virginia passed its own privacy law, the Virginia Consumer Data Protection Act (VCDPA), adding fuel to the fire over a US federal privacy law, and introducing new complexities for businesses operating in or addressing the US market. It will take effect on January 1, 2023 (the same day as California’s CPRA which amends the current CCPA) and was passed in record-breaking time: less than two months, and by an overwhelming majority.

netwrix

CCPA Compliance: How to Become Compliant

Personal information (PI) enables businesses to customize the customer experience and boost sales. However, consumer rights advocacy and privacy regulations, such as the EU’s General Data Protection Regulation (GDPR) and state data privacy laws enacted in the United States, limit the collection of PI. Preeminent among these laws is the California Consumer Privacy Act of 2018 (CCPA).

Compliance, Quality, and Efficiency for GDPR

The GDPR (General Data Protection Regulation) requires businesses to protect the personal data they hold for any citizens of Europe. It pertains to those organizations that operate within the EU (European Union), and also those that offer goods and services to individuals in the EU. Proving GDPR compliance is all about documentation. It can be difficult, however, to cover your bases reliably and efficiently. Especially when regulations change.
tripwire

Role of Encryption in GDPR Compliance

Encryption has been a hot topic of discussion during the implementation phase of most data privacy laws. In the age where organizations are dealing with large volumes of data each day, the protection of this sensitive data is critical. The data, which is seen as a business-critical asset for organizations, should be protected against malicious hackers looking for opportunities to steal the data.