English - Governance, Privacy & AI

Information Security Management

Security Management Planning as a Governance and Compliance Instrument

Introduction Security management planning is a critical organizational process that enables the structured creation, implementation, and enforcement of an information security policy. While often treated as a technical or operational concern, security management planning performs a broader governance function by establishing how organizations protect information assets, physical facilities, personnel, and

Information Security Management

The Security Function: Building Measurable, Effective, and Strategic Protection

In today’s interconnected business environment, information security is no longer a peripheral concern—it is a strategic function essential to protecting assets, maintaining trust, and enabling growth. A mature security program aligns with business objectives through strong governance, measurable outcomes, and ongoing improvement (ISACA, 2018). The Role of Security

Privacy

California’s Delete Act (SB 362)

Enacted in October 2023, California’s Delete Act—Senate Bill 362—creates a centralized deletion mechanism for consumers, administered by the California Privacy Protection Agency (CPPA). 1. Introduction and Legislative Overview Senate Bill 362 (the Delete Act) was signed into law on October 10, 2023. The Act transfers data-broker registration

English

The FACTA Disposal Rule: Statutory Basis and Regulatory Scope

Abstract The Fair and Accurate Credit Transactions Act of 2003 (FACTA) amended the Fair Credit Reporting Act (FCRA) to expand consumer protections against identity theft. Section 216 of FACTA directed the Federal Trade Commission (FTC) and other federal agencies to issue regulations requiring “reasonable measures” for the proper disposal of

English

The Dodd-Frank Act: Financial Stability, Consumer Protection, and Regulatory Challenges

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 represents the most sweeping financial reform in the United States since the Great Depression. Enacted in response to the 2008 financial crisis, the statute sought to restore financial stability, eliminate “too big to fail,” enhance transparency, and protect consumers.

Regulatory Compliance

Safeguarding Consumer Information under the Gramm–Leach–Bliley Act (the Safeguards Rule’s Core Objectives)

Introduction The Gramm–Leach–Bliley Act (GLBA) of 1999 introduced a comprehensive legal framework to regulate how financial institutions manage consumer information. A key component, the Federal Trade Commission’s (FTC) Safeguards Rule, sets forth explicit objectives designed to protect the security, confidentiality, and integrity of customer data. Information privacy

Regulatory Compliance

Identity Theft and the Red Flags Rule

The Federal Trade Commission (FTC) estimates that identity theft affects millions of Americans each year, causing not only financial losses but also significant reputational and operational harm. For businesses, the consequences can include regulatory exposure, litigation risk, and erosion of customer trust. Identity theft generally involves the unauthorized use of

Cybersecurity

NIST SP 800-66 Rev. 2: From HIPAA Compliance to Risk-Based Security Governance

The publication of NIST Special Publication 800-66 Revision 2 represents a deliberate shift in how HIPAA Security Rule compliance should be understood and implemented. Rather than functioning as a prescriptive compliance checklist, the document positions itself as a practical, risk-based guide that connects legal obligations under HIPAA with contemporary cybersecurity

Privacy

Overview of the HIPAA Privacy Rule

The document from which this text is drawn is only a summary and should not substitute for the full legal requirements of the Rule. In cases of conflict, the official Privacy Rule provisions take precedence. Purpose The HIPAA Privacy Rule, established by the U.S. Department of Health and Human