Search
    • 3 days ago

State Laws Require Businesses to Will o' WISP

In 2018, Michigan enacted its Data Security Act which applies to persons and entities with licenses from its Department of Insurance and Financial Services.


In order to comply with the act it is necessary to :


1. Prepare a Written Information Security Program (WISP).

2. File a certificate of compliance with the Department each year.

3. Report breaches to the Department within 10 days after discovery.


Massachusetts also has cybersecurity regulations which require that a WISP be filed. A template of a WISP that complies with Massachusetts law and the Gramm-Leach-Bliley Act has been prepared by Thomson Reuters and is available here on the website of the International Association of Privacy Professionals (IAPP). A WISP should cover the following:


1. Define personal information and sensitive information.

2. Designate a person responsible for implementing the WISP.

3. Provide for regular risk assessments.

4. Direct the distribution of information security policies within the organization.

5. Monitor service providers to ensure they comply with WISP.

6. Establish Incident response procedures.


    • 5 days ago

Ohio Data Protection Act

In 2018, Ohio enacted the its Data Protection Act under which companies can get safe harbor from tort claims by compiling with one of below cyber security programs:


1. The NIST Cybersecurity Framework.

2. NIST Special Publication 800-171, or 800-53 and 800-53a.

3. The FedRAMP Security Assessment Framework.

4. The CIS (Center for Internet Security) Controls.

5. ISO 27000 Security Management Standards


Businesses that have sites on which financial transactions can be made, must also comply with Payment Card Industry’s Data Security Standards (PCI-DSS). A safe harbor affirmative defense is also available to businesses that meet the security requirements of HIPAA, and the Gramm -Leach-Bliley Act.

    • Oct 20

Stop Internet Explorer From Running Javascript

A potential security flaw in Windows is the ability of Internet Explorer to run Java scripts. A .dll file located in the system folder on the C drive enables IE to run Java:


. . . you can disable the ability of IE to run Java scripts in the Registry Editor under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3



Change the value for 140D at this location to 3. This will cause the execution of the scripts to be disabled by default.




Sean O'Shea has more than 15 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

 

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.

 

This policy is subject to change at any time.

 

Contact Me With Your Litigation Support Questions:

seankevinoshea@hotmail.com

  • Twitter Long Shadow

© 2015 by Sean O'Shea . Proudly created with Wix.com