ISO Certifications | SOC Examinations
By:
Danny Manimbo
September 6th, 2016
NOTE: Schellman has since updated and expanded this information in an article found here.
By:
Joe O'Donnell
September 1st, 2016
“We shall defend our island…we shall fight on the beaches, we shall fight on the landing grounds, we shall fight in the fields and in the streets, we shall fight in the hills; we shall never surrender.”
By:
Ryan Mackie
August 29th, 2016
NOTE: Schellman has since updated this content, which you can find here.
According to the Identity Theft Resource Center, we saw 781 data breaches in 2015 that totaled hundreds of millions of stolen records, many of which included personally identifiable information about customers—names, addresses and Social Security numbers.
Cybersecurity Assessments | Privacy Assessments
By:
Avani Desai
August 23rd, 2016
“Scientia potentia est”. “Knowledge is power”.
By:
Doug Kanney
August 18th, 2016
A recent Experian Data Breach Resolution and Ponemon Institute study discovered that 55 percent of companies have experienced a data breach due to employee error, and 60 percent of companies believe their employees do not know about the company’s security risks. Furthermore, 66 percent of survey participants admitted that employees are their biggest challenge when developing and implementing data security protocols.
Cloud Computing | SOC Examinations
By:
Chad Goubeaux
August 15th, 2016
Cloud computing has become an essential aspect of modern business operations, offering scalability, flexibility, and cost-efficiency. However, with the increased reliance on cloud services comes the growing need for security and compliance assurances. As such, Cloud Service Providers (CSPs) now face the challenge of proving they can securely handle customer data while maintaining reliable operations.
By:
Avani Desai
August 9th, 2016
American companies are racing to meet the new requirements of the Privacy Shield. Since the European Commission officially adopted the framework on July 12, organizations have scurried to understand the finalized principles, determine the applicability of each, and develop a plan for implementing any necessary privacy mechanisms and controls. Like most legal texts, though, the Privacy Shield can be difficult to digest. Some of the principles have been significantly restructured, are riddled with stipulations and situational exceptions, and are a bit ambiguous. Our firm has fielded an influx of questions looking for perspective and advice on which aspects of the Privacy Shield will be the riskiest and most burdensome. Here is my two cents' worth on trying to prioritize and tackle some of the essentials.
Healthcare Assessments | SOC Examinations | HITRUST | SOC 2
By:
Brody Price
August 8th, 2016
As organizations face pressure to obtain third-party validation demonstrating their effective cybersecurity and risk management practices, they may wonder which compliance approach is best to pursue. HITRUST Certification is a globally recognized program that validates an organization’s compliance with the HITRUST Common Security Framework (CSF). An alternative to obtaining a HITRUST CSF Certification is the SOC 2 + HITRUST report, which serves as a collaboration between HITRUST and the AICPA.