Let’s consider a familiar fact pattern: a global ecommerce retailer, Plate Co, experiences a data incident as a result of a successful phishing attempt by a bad actor. The bad actor is able to access a server containing over 20 years of customer data. The incident is publicized on the dark web, which results in millions of customer data sets being made public, with a note that the data was taken from Plate Co. As the company begins to investigate the incident, it realizes that no one in the company knew that the data sat on the server that was accessed by the bad actor. The purchase history for some customers is from 2004, and includes credit card numbers and mailing addresses. The company expands its assessment of its systems and finds that it has been retaining other data, including email and the data of former employees, going back many years, and has not been applying any retention or disposal to that data. Concerned about the results of its investigation, and a potential FTC inquiry, the company decides that it must start to minimize its retention of data across the company. The company is also involved in a number of litigations and regulatory investigations that require it to preserve relevant data, including data going back several years. The company knows that it must take action, but is unsure where or how to start. In the meantime, the status quo persists and the data retained by the company continues to compound.
China Finalizes New Regulations to Relax Personal Data Exports from China
By Lindsay Zhu, Scott Warren, Haowen Xu and Charmian Aw
Nearly six months after the Cyberspace Administration of China (CAC) first introduced the Draft Regulations for public consultation, the much-awaited final rules on Regulating and Facilitating Cross-border Data Flows were published and came into effect on March 22, 2024. The New Regulations largely repeat the Draft Regulations, but further relax personal data exports from China.
The Perfect Storm: Why Contract Hiring Will Eclipse Direct Hiring In 2024
By Jared Coseglia
With significantly fewer fully remote positions available in 2023, active job seekers were faced with the question of whether to begin considering compromises on work-from-home flexibility or compromise in other areas like compensation, vertical mobility, quality of life, or employment modality.
Lessons for CISOs from the SolarWinds Breach and SEC Enforcement
By Daniel Garrie, David Cass and Jennifer Deutsch
In an era where digital threats loom large, the responsibilities of Chief Information Security Officers have expanded beyond traditional IT security to encompass a broader governance, risk management, and compliance role. The infamous SolarWinds Corp. attack illustrates the complex cybersecurity landscape CISOs navigate.
A Roadmap for Implementing Information Governance In Law Firms
By Gregg Parker
In today's digital age, the volume of data generated and managed by law firms has skyrocketed, presenting both opportunities and challenges. Unfortunately, in parallel with this exponential growth in data, and partially as a direct result of it, law firms have also experienced a significant increase in targeted cyberattacks.