First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

data protection

What a CEO needs to hear to invest more in compliance – strategy

Investment decisions are strategic. They are based on a business case and cost/benefit analysis. Expense decisions are more tactical, and are often associated with things an organization must do to keep running – like meet a regulatory requirement so they can check the box.

 

, , , , , ,

Blockchain and privacy: Transparency and innovation pose challenges for data protection

A blockchain is a peer network of nodes that use a distributed ledger that can be used to track transactions involving value including money, votes, property, etc. The most well-known application of blockchain technology is bitcoin. Transactions on a blockchain are not regulated by any central counterparty: the individuals involved in a given transaction provide their information (including personal information), a record is created that can be verified by nodes in the network. In this sense, the users forming the community act as their own regulators.

 

, , , ,

Adequacy of Canadian privacy law

Potential amendments could mean Canadian businesses receiving personal information from Europe will have more exposure to the differences in the data protection laws and enforcement regimes in the EU member states.

 

, , , , , ,

Hospital privacy breach results in OSC laying charges

The Ontario Securities Commission has announced a series of criminal and quasi-criminal charges following an investigation related to the misuse of confidential patient information from the Rouge Valley Health System and the Scarborough Hospital.

 

, , , , , , ,

What critical elements should appear in every third-party service provider contract?

Whenever data leaves the control perimeter of a company, there is a risk that the data will not be protected at the same level of security that is required by company policy. It is essential that data created, stored, manipulated or transmitted by a third party on the company’s behalf be accorded the level of protection that is defined by the company’s standards and policies.

 

, , , , , , , , , , , , , , , , ,

Protecting sensitive data against the insider threat with data masking

With an overabundance of information being stored or created in electronic format, and various tools for turning data (i.e., personally identifiable information, intellectual property, credit card) into cash, goods, and other services, the risks of doing business have increased. We are hearing more and more about attacks where the target is sensitive data, and the perpetrators are those with elevated levels of trust and access within the business.

 

, , , , , , , , , , , , , , , , , , , , , , ,