This policy from the UK Information Commissioner’s Office outlines what the office will consider when deciding whether to initiate regulatory action. (August 2013)
The Gramm-Leach-Bliley Act requires many companies to give consumers privacy notices that explain the institutions' information-sharing practices. The FTC offers this brief look at the basic financial privacy requirements of the law.
Links to some of the approved Binding Corporate Rules, as published by Mehmet Munur, CIPP/US, of Tsibouris & Associates.
DLA Piper produced this handbook that sets out an overview of the applicable privacy and data protection laws and regulations across 63 different jurisdictions. (March 2013)
This is part of a series of guidance from the UK Information Commissioner’s Office that explains what organizations, and individuals who process personal data for purposes such as running a business, need to consider when they run, contribute to or download personal data from online forums such as social networking sites, message boards or blogs.
The model privacy form was developed for financial institutions to download and use to develop and print customized versions of a model consumer privacy notice. It was created jointly by the Board of Governors of the Federal Reserve System, Commodity Futures Trading Commission, Federal Deposit Insurance Corporation, Federal Trade Commission, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision and Securities and Exchange Commission.
Through this site, Hunton & Williams offers a convenient means to access relevant materials, including draft legislation, opinions and submissions, to assist organizations in understanding and addressing key proposals that may have a significant impact on their business.
The National Conference of State Legislatures has posted a list of states that have enacted laws that require entities to destroy, dispose of, or otherwise make personal information unreadable or undecipherable.
This is Revision 4 of the NIST guidelines, released in April 2013. This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations, organizational assets, individuals, other organizations and the nation from a diverse set of threats. The security and privacy controls are customizable and implemented as part of an organization-wide process that manages information security and privacy risk.
This chart from the National Conference of State Legislatures summarizes the identity theft criminal penalties, restitution and identity theft passport laws.
This guidance from the UK Information Commissioner’s Office offers a set of questions and approaches an organisation should consider, in conjunction with a prospective cloud provider, in order to ensure that the processing of personal data done in the cloud complies with the Data Protection Act.
IT Manager Daily provides this sample of a basic cloud computing policy template that organizations can customize to fit their needs.
This document provides guidance on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments. This guidance builds on that provided in the PCI DSS Virtualization Guidelines and is intended for organizations using, or thinking of using, providing, or assessing cloud technologies as part of a cardholder data environment (CDE).
This document provides supplemental guidance on the use of virtualization technologies in cardholder data environments and does not replace or supersede PCI DSS requirements.
This site lists national privacy laws by country as well as U.S. state and federal privacy laws including links to actual text. It also includes a section on legal updates and news.