This is a sample data breach checklist.
Privacy data breach response policy and crisis management policy.
Read this article from Exterro to verify that your breach response solution can help you automatically respond to incidents by using the checklists included.
This sample policy specifies a company's procedures for handling data breaches.
Check out this sample policy developed by Exterro. In this resource we take a look at a basic incident and breach management process.
This article provides an analysis of how the Covid-19 pandemic has impacted companies specifically with so many companies having distributed workforces. In particular, the article examines the difficulties of applying vicarious liability to a distributed workforce, specifically with regards to when data breaches take place.
Relying on the status quo to understand large-scale unstructured data is risky. It’s also potentially time-consuming and expensive. Today, AI can completely and reliably automate the low value work of PI identification in document review and reduce risk. It lets cybersecurity practitioners like me provide more accurate, less costly, and less risk-laden results to clients.
This checklist of issues and questions can help you develop your data breach after-action report (AAR) to account for how your organization detects, responds, and recovers from a breach.
The Canadian government issued this document to provide guidance to private sector organizations, both small and large, when a privacy breach occurs. Organizations should take preventative steps prior to a breach occurring by having reasonable policies and procedural safeguards in place, and conducting necessary training. This guideline is intended to help organizations take the appropriate steps in the event of a privacy breach and to provide guidance in assessing whether notification to affected individuals is required. Not all steps may be necessary, or some steps may be combined.
In September 2021, the United Kingdom ("UK") Government’s Department for Digital, Culture, Media and Sport ("DCMS") published their proposed reforms to the UK’s data protection regime. The proposals set out in the DCMS Consultation would significantly alter the UK’s data protection framework and compliance requirements for businesses operating in the UK. This resource is an overview of the Consultation's five key areas.
Investors and the wider public are increasingly gravitating towards businesses that prioritize ESG credentials. This article is about the importance of data protection in this context and why it should not be overlooked.
The article provides a brief overview of open finance, a practice that allows third party service providers access to consumers’ financial data from banks and financial institutions using secure application programming interfaces (APIs).
Certain issues should be considered during the recruitment and onboarding of a prospective employee (“candidate”). The goal is to (1) ensure the candidate fully understands and appreciates his/ her obligations related to the candidate’s resignation, transition to the prospective employer and future work given any contractual obligations that may apply; (2) inform the prospective employer of any non-contractual risks or concerns arising out of the candidate’s activities prior to the candidate’s move to the new employer; and (3) assist the candidate and prospective employer in the transition.
Read about the heightened United States scrutiny over government agencies' transfer of imported personal data as reflected in President Biden's October 7, 2022 Executive Order on Enhancing Safeguards for US Signals Intelligence Activities.
The goal of this checklist is to ensure the candidate fully understands and appreciates his/ her obligations related to the candidate’s resignation, transition to the prospective employer and future work given any contractual obligations that may apply as well as other aspects of their new employment.
A brief overview of organizations' obligations to protect personal data in whistleblowing processes, after the European Directive 2019/1937 (Whistleblowing Directive) came into force on December 17, 2021.
In this multi-jurisdictional guide, explore an overview of key legal issues, rules and developments regarding data protection across a range of jurisdictions.
Some topics include the rapid evolution in data laws and more.
The new Data Protection Law, DIFC No. 5 of 2020 (the "DP Law"), became effective 1 July 2020 and replaces DIFC Law No.1 of 2007. Businesses caught by the legislation have a grace period of three months to bring their organisations into compliance with the new requirements.
The new DP Law has been aligned with data protection regimes elsewhere in the world such as the European GDPR and the California Consumer Privacy Act. Adoption of international data privacy concepts means we're hopeful that such reform will see other territories recognising the DIFC as providing sufficient regulatory protection to allow data transfers in and out of the DIFC with relative ease.
This article examines, from an English law perspective, the legal issues you need to be familiar with whether you are engaged in data scraping (either directly or through a third party), or if you are concerned that your content is being scraped and exploited without your consent.
Learn about Personal Data Protections Law in coming into force in February 2023.
Over the past couple of years Egypt has witnessed rapid legislative developments and a reformative wave in the spheres of cyberspace, information technology and regulation of internet activities. This new Data Protection law specifically focuses on safeguarding the personal data of individuals, which are being stored, processed or controlled electronically through online platforms.
Learn about key data protection and cybersecurity laws in this multi-jurisdictional guide.
Learn about Nigeria's 2022 data protection landscape and privacy trends for 2023.
As regulations for cross border data transfer continue to evolve, businesses will need to be proactive to remain compliant with the latest requirements. Learn what conditions need to be satisfied to export personal data from China.
2022 might shape up to be a challenging year in terms of privacy and data protections. In this resource, in-house counsel can gain perspective on the coming year by taking these hot topics into consideration.
Learn about the significant implications (for data users and holders) of the Data Act proposed by the European Commission in February 2022, regarding who can use and access data generated by connected devices.
Data risk was once thought of as a technical challenge. However, the onslaught of data breach and data privacy legislation, and subsequent litigation have changed this outlook. There is one activity that everyone is aware of which, if well-executed, can lower technical, legal, and privacy risks and increase compliance: a data retention/deletion program. Check out this whitepaper from Exterro to learn more about data retention programs.
In this Top Ten, learn tips as to how to organize your data protection practices. Now more than ever, companies are under pressure to create, implement, and maintain effective data protection plans.
This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.
By using the site, you consent to the placement of these cookies. For more information, read our cookies policy and our privacy policy.