Privacy Laws – Achieving and Maintaining Compliance

I relish the moment when someone says to me “It’s not like the regulations say that I must find every last entity. So why do I need to discover where my data can be found in order to achieve compliance? What I have is enough!” Why? Let’s start by understanding why these regulations came into […]

Dear CISO: Who is Responsible for the Privacy of Data Subjects?

In Theory: The legal team/DPO should lead the privacy policy as well as manage direct interaction with data subjects, such as DSAR management. Security should lead the implementation of the privacy policy, including how to create, monitor, and protect the organization’s personal data inventory. In Practice: CISOs have the knowledge, tools and business processes in […]

Dear CISO: Partial Inventory is No Inventory at All

GDPR started it and others followed. Unlike with other sensitive data assets that we as CISOs need to manage, it’s now quite clear what is expected of us regarding personal data. After analyzing all these expectations (more like requirements) and merging them into practical actions, the only practical solution is to create a central and […]

Dear CISO: Where to Look for Personal Data

For part 2 of the “Dear CISO” series, click here. Inventorize Your Personal Data. Dear CISO, It has come to my attention that recent regulations require us to manage personal data in a very specific way. I trust that the security teams that report to you are now managing sensitive data such as our […]