<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1977396509252409&amp;ev=PageView&amp;noscript=1">
Contact a Specialist
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Learning Center
Learning Center
Articles
Articles
Whitepapers
Whitepapers
Case Studies
Case Studies
Events & Live Webinars
Events & Live Webinars
On-Demand Webinars
On-Demand Webinars
Compliance Reliance
Compliance Reliance
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility

Blog

The Schellman Advantage Blog

Stay up to date with the latest compliance news from the Schellman Advantage blog.

KEVIN KISH

Kevin Kish is a Privacy Technical Lead with Schellman & Company, LLC. With nearly 8 years industry experience, he has a strong history of implementing, maintaining, and assessing global information security and privacy requirements, including ISO 27001, HITRUST, Privacy Shield and the General Data Protection Regulation. As an industry advocate, he is passionate about researching and writing on the fundamentals and concepts of sustainable data privacy; and, providing education to clients on the risks, challenges, and best practices around data privacy legislation. He holds several privacy designations from the international association of privacy professionals, including CIPP/US, CIPP/E, and CIPM.

Blog Feature

By: KEVIN KISH
May 22nd, 2019

Introduction — by Lindsey Ullian, Threat Stack Compliance Manager Colorado has rightfully gained a reputation as one of the most socially progressive states as it was one of the first to adapt a regulated adult use marijuana marketplace. Now, Colorado is making news headlines again as it has adopted one of the nation’s strictest consumer privacy laws. The Colorado Consumer Protection Act (CCPA) is the result of a continued effort to protect residents’ personal data. Colorado’s law follows in theme with at least thirty-one other states that have heightened security surrounding consumers’ personal data and stands out as one of only twelve states that have imposed broader data security requirements. Any company or public agency storing a Colorado resident’s personal data will now need a data-protection policy, an efficient breach notification system, and the capability to destroy the data when it is no longer needed. Whether you are a small company of one person or a Fortune 500 company, as long as you have customers in Colorado, you must comply with this new law. And whether or not your business is located in Colorado is irrelevant — what is key is whether you have customers located within the state. For more details, take a look at the following article written by Kevin Kish, Privacy Technical Lead at Schellman & Company. In this article, Kevin highlights key takeaways from this law, as well as areas in which this law differentiates itself as one of the nation’s strictest data protection laws.

Blog Feature

By: KEVIN KISH
April 29th, 2019

On March 6, Mark Zuckerberg made a commitment to spending the next several years reorienting Facebook’s apps toward encryption and privacy. Can we take him at his word? Find out what digital marketing and data privacy experts think.

Blog Feature

By: KEVIN KISH
April 1st, 2019

Introduction — by Lindsey Ullian, Threat Stack Compliance Manager

Blog Feature

By: KEVIN KISH
March 25th, 2019

For those not tracking the evolution of California’s Consumer Privacy Act (CaCPA), we’ve got some updates for you!  While most are just familiarizing themselves with CaCPA’s original requirements, a new senate bill (SB-561) was just introduced last week by two California Senators with intention to further strengthen the rights of Californians.  And while changes to the bill are already hardly considered uncommon, the amendments could raise the stakes for organizations who are already concerned with the Acts expectations. 

Blog Feature

By: KEVIN KISH
October 15th, 2018

Now also known as the growing Internet of Things (IoT), connected devices are becoming more and more integrated into our everyday lives, continuously collecting our personal and non-personal data to make life more convenient.  As such, manufacturers are constantly searching for new ways to connect devices, expanding the IoT to include home security systems, healthcare devices, smart locks, and children’s toys to meet both expectation and demand. Though all of this indicates positive technological innovation and progress, one substantial problem remains – data security and privacy.

Blog Feature

GDPR | CaCPA

By: KEVIN KISH
September 4th, 2018

Organizations across the globe are making their way back to the ‘war room’ to analyze their applicability against one of the most comprehensive data privacy laws sweeping the US, the California Consumer Privacy Act of 2018 (“CaCPA”).  The CaCPA, approved on June 28th, 2018, was designed to give consumers (i.e. Californians) control over the use, including the sale, of their personal information.  Conceptually, having similar characteristics to the European Union’s data protection regulation, including its ability to be enforced on a global platform.

Blog Feature

GDPR

By: KEVIN KISH
June 12th, 2018

Article originally published by TheStreet

Blog Feature

GDPR

By: KEVIN KISH
June 6th, 2018

“Up to 4 % of an undertaking’s global worldwide annual turnover for the preceding fiscal year” This is arguably the single most powerful (and certainly the most frightening) statement from the GDPR. The heavy consequences of noncompliance with the recently enacted regulation was most likely the catalyst that propelled many organizations’ readiness review for GDPR. At a high level, one may assume that you can compute your risk exposure simply by multiplying (.04 x Gross Annual Revenue). But it is not always that easy! This formula applies to organizations that are part of a single “undertaking” as defined by the regulation. For organizations that are not considered a single undertaking, the total exposure may be more difficult to calculate since the annual revenue totals may be part of a larger group of enterprises. This aspect of GDPR raises a number of critical questions, including the following: What is an “undertaking”? How do I know whether I am a single undertaking? If I am not a single undertaking, how do I compute my potential risk of noncompliance? Is a fine inevitable, or could I receive a lesser penalty? Read the full article on www.threatstack.com