The National Conference of State Legislatures has posted a list of states that have enacted laws that require entities to destroy, dispose, or otherwise make personal information unreadable or undecipherable.
Revision 4 of the NIST guidelines released in April of 2013. This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations, organizational assets, individuals, other organizations and the nation from a diverse set of threats. The security and privacy controls are customizable and implemented as part of an organization-wide process that manages information security and privacy risk.
This chart from the National Conference of State Legistaltures summarizes the identity theft criminal penalties, restitution and identity theft passport laws.
This guidance from the UK Information Commissioner’s Office offers a set of questions and approaches an organisation should consider, in conjunction with a prospective cloud provider, in order to ensure that the processing of personal data done in the cloud complies with the Data Protection Act.
IT Manager Daily provides this sample of a basic cloud computing policy template that organizations can customize to fit their needs.
This document provides guidance on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments. This guidance builds on that provided in the PCI DSS Virtualization Guidelines and is intended for organizations using, or thinking of using, providing, or assessing cloud technologies as part of a cardholder data environment (CDE).
This document provides supplemental guidance on the use of virtualization technologies in cardholder data environments and does not replace or supersede PCI DSS requirements.
This site lists national privacy laws by country as well as U.S. state and federal privacy laws including links to actual text. It also includes a section on legal updates and news.
In this report from Wisegate, you’ll get practical insights from senior privacy and security officers on how to balance privacy and data protection compliance requirements with the need for continued business growth and innovation.
This article offers ten ways to supplement your training activities and bolster your awareness program to minimize privacy errors causing inadvertent data loss.
Under the Fair and Accurate Credit Transactions Act of 2003 certain federal financial agencies are required to adopt consistent and comparable rules regarding the proper disposal of consumer report information and records. This rule is the standard those agencies must meet.
The U.S. Federal Trade Commission released this guide to help organizations determine whether they need to design an identity theft prevention program under the Red Flags Rule and if so, how to comply. The guide includes FAQs, tips and a four-step process to compliance.
This FTC brochure offers tips for compliance with the CAN-SPAM Act including “what if” scenarios and how to descipher whether your communication falls under the act.
This survey outlines a series of questions to help an organization better understand if employees are collecting and maintaining personally identifiable information within commercial products. The scope of this survey is limited to PII data that is collected, transmitted, or stored by the organization.
This excel workbook includes definitions of personally identifiable information in terms of applicable U.S. state laws, U.S. federal laws and national laws from countries across the globe.
Page 5 of 11 pages ‹ First < 3 4 5 6 7 > Last ›