The Growth of State-Specific Data Protection Laws in the U.S.
There is no serious traction for a national data protection law in the United States. But some forward-leaning states have taken action and put state-specific laws into place. It’s essential to understand who those laws impact (and who they don’t).
Who Let the Dogs Out? ETHIX360's Top 3 Predictions for GRC in 2023
I suppose this won’t be the first set of predictions you’ll read on the state of the risk and compliance market for 2023, nor the last. At ETHIX360 we try to identify a few different trends: one that should have already happened, one that people think has happened but hasn’t, and one that delivers a piece of tomorrow into our world today. If not today, at least one day in 2023!
ETHIX360 Receives Clean SOC 2 Type II Audit Report
We are excited to announce that ETHIX360 has successfully completed a System and Organization Controls (SOC) 2 Type II audit, performed by Sensiba San Filippo, LLP (SSF).
Texts: Who Owns Them? And Why Does That Matter?
Do you issue company-owned phones? Or do you allow (maybe even encourage) employees to “BYOD” (bring your own device) and use it for work purposes? Two very different scenarios here, as company-owned phones are a company asset, and all the contents of those phones are generally considered to be the property of the company. However, BYOD adds a layer of complexity to the discussion, especially if the employee owns the phone number and the device.
It's Time to Admit That Data Privacy Legislation Is a Disaster
The tech giants who abuse the privacy rights of individuals still do and still will. Meanwhile, the many businesses who were already protective of their data now have to spend a fortune and dilute their focus to comply with legislation that in large part does nothing except help a few politicians pound on their chest.
4 Things to Consider When Authoring Your Data Privacy Policy
While compliance professionals are allowed to rip off mattress tags and ignore email disclaimers, we actually have to author and enforce data privacy notices. Almost every application and website under the sun uses the words "I accept the privacy policy" somewhere. Even with that checkbox, the added complexity of GDPR, CCPA, and other similar laws might trump your policy anyway.
Cracking the Code on Data Breach Investigations
We all understand the cost of a data breach, whether it be reputational or financial ruin. In fact, in an actual data breach event, the best-case outcome is minimal damage because you cannot escape totally unscathed.
Data Breach Decisions: A Turning of The Tide
Compensation claims for data breaches have become increasingly common in the UK in recent years. This alert from our friends at Crowell & Moring looks at a few such decisions and their potential consequences.
The Risk Management Shell Game
Being in risk management today feels as much like a shell game at times as it does a strategic undertaking. We feel like we have our arms around likely risk factors and how to measure, monitor, and prepare for them, as well as how to have a solid posture on response when our defenses fail us, which at times they inevitably will.
Let the Past Inform the Future, but Not Define It
Those who forget history are doomed to repeat it. Let bygones be bygones. Forgive and forget. Relive and regret. Keep moving forward and don’t live in the past. You drive a car looking through the windshield, not the rearview mirror.
… Down Will Come Baby, Cradle and All.
This is the dilemma I fear most. In two recent blog posts, When the bough breaks… and …the Cradle Will Fall…, I explored the “upstream” impact of changing and evolving societal norms as a driver for regulatory change, and the “downstream” impact of regulatory change that is not the will of the people forcing societal change.
Ethics and COVID-19, or is it COVID-1984?
I suppose, like many Americans, sheltering in place has given me pause to think about a post-COVID America (read: Compliance and the Coronavirus). As I hear pundits and experts alike pontificate on what can and should be done around everything from re-opening…
SCCE Conference 2019 Recap from ETHIX360
Yet again, the SCCE knocks the ball out of the park in 2019. My team and I just attended the 18th Annual Compliance & Ethics Institute show at the Gaylord Hotel, in National Harbor, MD. We had a great experience; our days were full of networking, valuable knowledge, and best practice sharing amongst peers.
So You’re Compliant with GDPR; Time to Get Ready for The California Consumer Privacy Act (CCPA)
Consumer privacy enforcement is at an all-time high. You thought your business was all set after GDPR? Find out what you can expect next from The California Consumer Privacy Act (CCPA).
Debunking “Top 10” Compliance Predictions in 2019
It seems like everybody has a big prediction about compliance trends in 2019 - but don’t get your hopes up yet. Read why the prophecies may fall flat this year, from ETHIX360.
Top 5 Ethics and Compliance Predictions for 2019
With 2018 behind us, what’s ahead for human resources, ethics & compliance in 2019, and how can your company prepare for it?
Survey Roundup: Boards Want More Cyber-Effectiveness Data
A look at some recent surveys and reports dealing with risk and compliance issues.
How to Be Sure You’re Meeting New GDPR Compliance Requirements
Having adopted the GDPR in April 2016, the EU wants companies to be GDPR-compliant by May 25th of 2018. So, if your company is conducting online transactions in the EU, you should take a moment to learn about the GDPR and the steps you can take to comply with the law.
What Does Britain's EU Exit Mean for Your Company's Global Compliance Strategy?
We’re an ethics company, and although I’m interested in the political ramifications (it’s impossible after all to grow up and live in Washington DC without being a political junkie!), I came back to “what does this mean for my clients?” and “how do I counsel their global compliance strategy in light of Brexit?”