Samples, Tools and Templates    Finance

U.S. State Data Disposal Laws

The National Conference of State Legislatures has posted a list of states that have enacted laws that require entities to destroy, dispose of, or otherwise make personal information unreadable or undecipherable.

Security and Privacy Controls for Federal Information Systems and Organizations

Revision 4 of the NIST guidelines was released in April of 2013. This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations, organizational assets, individuals, other organizations and the nation from a diverse set of threats. The security and privacy controls are customizable and implemented as part of an organization-wide process that manages information security and privacy risk.

U.S. State Identity Theft Statutes

This chart from the National Conference of State Legislatures summarizes the identity theft criminal penalties, restitution and identity theft passport laws.

ICO Cloud Computing Guidance

This guidance from the UK Information Commissioner’s Office offers a set of questions and approaches an organisation should consider, in conjunction with a prospective cloud provider, in order to ensure that the processing of personal data done in the cloud complies with the Data Protection Act.

Cloud Computing Policy Template

IT Manager Daily provides this sample of a basic cloud computing policy template that organizations can customize to fit their needs.

PCI DSS Cloud Computing Guidelines (Information Supplement)

This document provides guidance on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments. This guidance builds on that provided in the PCI DSS Virtualization Guidelines and is intended for organizations using, or thinking of using, providing, or assessing cloud technologies as part of a cardholder data environment (CDE).

PCI DSS Virtualization Guidelines (Information Supplement)

This document provides supplemental guidance on the use of virtualization technologies in cardholder data environments and does not replace or supersede PCI DSS requirements.

Morrison Foerster Privacy Library

This site lists national privacy laws by country as well as U.S. state and federal privacy laws including links to actual text. It also includes a section on legal updates and news.

Tackling the Complexity & Uncertainty of Compliance in Privacy and Data Protection

In this report from Wisegate, you’ll get practical insights from senior privacy and security officers on how to balance privacy and data protection compliance requirements with the need for continued business growth and innovation.

Tips for minimizing human privacy errors

This article offers ten ways to supplement your training activities and bolster your awareness program to minimize privacy errors causing inadvertent data loss.

FTC Disposal Rule

Under the Fair and Accurate Credit Transactions Act of 2003, certain federal financial agencies are required to adopt consistent and comparable rules regarding the proper disposal of consumer report information and records. This rule is the standard those agencies must meet.

Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business

The U.S. Federal Trade Commission released this guide to help organizations determine whether they need to design an identity theft prevention program under the Red Flags Rule and if so, how to comply. The guide includes FAQs, tips and a four-step process to compliance.

The CAN-SPAM Act: A Compliance Guide for Business

This FTC brochure offers tips for compliance with the CAN-SPAM Act including “what if” scenarios and how to decipher whether your communication falls under the act.

Private Data Discovery Survey

This survey outlines a series of questions to help an organization better understand if employees are collecting and maintaining personally identifiable information within commercial products. The scope of this survey is limited to PII data that is collected, transmitted, or stored by the organization.

Global PII Directory

This Excel workbook includes definitions of personally identifiable information in terms of applicable U.S. state laws, U.S. federal laws and national laws from countries across the globe.
