AmericanCSM.com (https://www.americancsm.com/ ) is excited to announce our involvement with the International Map Industry Association (IMIA) (https://imiamaps.org/). IMIA is holding its annual Mapping Leaders Forum in Denver, Colorado this June 5-6.

The theme for this year’s Mapping Leaders Forum is about building trust.  This event will host speakers with visionary perspectives, cutting-edge mapping methodologies, emerging trends, and innovative applications.

As a company that prides itself on delivering top-notch privacy and cybersecurity services—including Privacy Assessments, and our CISO-as-a-Service and DPO-as-a-Service, AmericanCSM.com understands the importance of fostering a strong privacy and cybersecurity community. IMIA’s Mapping Leaders Forum 2024 is another leading industry gathering where leaders are focused on building trust with their clients, distributors, partners and employees.

Carlin Dornbusch, a seasoned veteran in the realms of privacy and cybersecurity and President of AmericanCSM.com, will discuss the topics of Privacy, Security, and Risk of data in a modern age. Carlin will talk over the modern challenges for businesses and individuals around data protection, as well as the impact of AI and other tools of the threat actors. Attendees will take away the Do’s and Don’t for managing their data, tips for managing data risks, and approaches for their businesses.

We also invite all attendees to connect with Carlin Dornbusch after the event at the cocktail reception and discuss more about trust building.

For more information on IMIA’s Mapping Leaders Forum 2024, please visit their website at https://imiamaps.org/mapping-leaders-forum/ and we look forward to seeing you there and continuing to trust around the globe together.

As businesses are being impacted by the European Union’s (EU) enactment of the General Data Protection Regulation (GDPR), many are asking themselves questions around the ownership of their privacy program. Do I need a Data Protection Officer (DPO)? Can I get by assigning this to my CISO, Director of Compliance, or my General Council?

The GDPR requirements for a DPO, their duties and reporting structure, are spelled out in Section 4 of the regulation, which encompasses Articles 37-39.

According to Article 37, you must assign a DPO if:

• You are a public authority processor
• You regularly and systematically monitor data subjects on a large scale
• You are processing on a large scale any special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10

This article goes on to state that public authorities are able to designate a single resource that can aggregate the responsibility across multiple organizations. This decision needs to take into account the bandwidth of the DPO and how scalable the policies and processes are across the organizations.

It is also important to note that the DPO can be an employee of the organization or a contracted resource. In either case, the controller must publish the contact details of the DPO and ensure the EU supervisory authorities have this information.

While there are parts of the GDPR that are considered unclear or grey, the requirements for a DPO are very clear. The DPO role is new for many U.S. based companies, but it should bring a strong sense of certainty around privacy to any company where EU citizen/resident data needs to be managed.

If you have questions about whether or not you need a DPO, please contact us at: https://www.americancsm.com/services/privacy-by-design/

*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts. Our Privacy specialists can help you make sense of and comply with GDPR.

 

 

As the deadline for GDPR, May 25, 2018, nears, many companies are still struggling with their implementation and some are complete. This MeetUp brings together privacy practitioners, GRC leads, and others interested in and leading their GDPR transformations. The goal of this group is to discuss and share learnings, emerging best practices, technical solutions, and keep up to date on regulation changes.

You are welcome to join this group via MeetUp.com at https://www.meetup.com/meetup-group-coxjsIUF/ . Our next meeting will be focused on an overview of GDPR, allowing the group to determine future topics and the level of detail desired. Carlin Dornbusch from American Cyber Security Management will present the GDPR Overview and lead the group through Q&A.

This informative meeting will be held on Tuesday, February 27th, 2018, at the Trimble office in Westminster: 10368 Westmoor Dr, Westminster, CO 80021.

Details on GDPR specifics can be found on the EU’s official website: http://www.eugdpr.org/

As the deadline for GDPR, May 25, 2018, nears, many companies are still struggling with their implementation and some are complete. American Cyber Security Management would like to bring together privacy practitioners, GRC leads, and others interested in and leading their GDPR transformations. The goal of this group is to discuss and share learnings, emerging best practices, technical solutions, and keep up to date on regulation changes.

You are welcome to join this group via MeetUp.com at https://www.meetup.com/meetup-group-coxjsIUF/ . Our first meeting will be a collaboration of the attendees to define our future meetups and put a framework for the meetings in place that will be designed to aid in information sharing.

Our first meeting will be held on Wednesday, January 17th, 2018, at the Trimble office in Westminster: 10368 Westmoor Dr, Westminster, CO 80021.

Details on GDPR specifics can be found on the EU’s official website: http://www.eugdpr.org/

*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts.

Who was breached today? This is the common question. Days are gone where we wonder if a business was breached or if our data was stolen from a public system. But what happens after May 25th, 2018 when GDPR is in full effect?

With the European Union’s (EU) enactment of the General Data Protection Regulation (GDPR), if breached systems contain European citizen information then specific steps and the timing of those steps are now mandated.

How many cases have we seen where U.S. companies are taking weeks, months, to even a year to disclose to their customers that their data has been inappropriately accessed, lost or stolen? In the recent case of Uber’s announcement, it took them more than one year to notify their customers of a massive data breach. Uber announced that over 57 million people were affected by their data breach and that 2.7 million were located in the UK.

How would this look under GDPR and the EU’s new watchful eye and powerful penalties? The EU wants to ensure communications of data breaches are accurate and timely. According to GDPR Article 33, any business who is suffering a breach of EU citizen information must notify the EU authorities within 72 hours. And the notice must contain, at a minimum; Nature of the breach, Name and contact details of the company’s Data Protection Officer (DPO), Description of the likely consequences, and a description of the corrective steps being taken. Secondarily, the business must also notify the EU citizens under Article 34 definitions. This article requires that notice is given “without undue delay” and the content of the breach notice to be a subset of the information sent to the EU authorities.

These few rules will change how many global U.S. companies handle breach notification and it will undoubtedly impact their processes for incident management. The good news is that we are seeing many companies implement GDPR in a holistic way whereby they are including all customer data, regardless of citizenship, in their data classification strategy when approaching GDPR. This means that these companies will treat all customer data the same way as they need to under GDPR, and not silo EU citizen information, which would require a duplication of many business processes. GDPR is also helping these larger multinational businesses understand the value and role of the DPO, the one responsible for the assurance of the new privacy controls.

The GDPR may be one of the largest privacy regulations the world has ever seen, but it may be just in time. In a world of constant data breaches, we all need to be more diligent and concerned of how companies collect and use our data, share that information with their third party suppliers, and keep us notified of the access to our information.

*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts. Our Security offerings reduce your risk at the Infrastructure, Network, and Application levels.