July 2022 Newsletter
Privacy, Security and Compliance News


Federal Privacy Bill: Breaking Down the American Data Privacy and Protection Act

The United States Congress is debating the American Data Privacy and Protection Act (ADPPA), a bill designed to regulate how organizations collect, process, manage, and securely store personal information. The federal privacy bill has bipartisan support but faces opposition from privacy advocates who want a stronger law and business groups who have voiced their concerns about the bill's private right of action. It remains to be seen if this bill will pass, but momentum is clearly on the upswing for a federal privacy law.


ISO 27001 Changes: What's New in 2022

As one of the most highly regarded information security standards on the planet, it’s somewhat surprising that ISO/IEC 27001 hasn’t been updated in nearly a decade. But the wait is coming to an end. After delays caused largely by the pandemic, the International Standards Organization (ISO) is expected to release a new version of the ISO/IEC 27001 Standard by the end of 2022, which includes 11 new controls.


Do You Need a "Do Not Call" Policy?

With the rise of TCPA and telemarketing class action lawsuits, many companies wonder if they are fully compliant and following federal regulations related to telemarketing policies. If your company uses phone calls or text messages for any marketing or sales purposes, you likely need to have in place written procedures to comply with the National DNC rules, which are required by the TSR and the TCPA.


New Guidance for Healthcare Audio Calls

While the Office of Civil Rights (OCR) continues to leave in place the waiver on HIPAA enforcement for telehealth, new guidance on the use of audio-only calls for the delivery of healthcare services demonstrates that telehealth will likely remain a part of the healthcare system, and will eventually be subject to HIPAA enforcement.


PCI DSS Blog Series: Requirement 7

Blog #7 in our PCI DSS series takes an in-depth look at the requirement to restrict access to cardholder data on a need-to-know basis. Learn how to better lock down payment card data and help stay in or achieve compliance by defining access needs and granting access permissions according to the employee's role within the organization.
