All News
10/18/23
Navigating the Wave of Privacy Legislation: 2023 State Data Privacy Laws
The laws reflect the influence of the GDPR's rights-based philosophical framework, according to Bloomberg's Law. They are intended to protect consumers from cyber risks and stay competitive with international data.
2/7/22
January Database Privacy Regulation Update
The new year starts with a hearing of the EU Court of Justice on “whether keeping a parallel database constitutes processing of data for a new purpose.” per Herke Kranenborg, the member of Legal Service, European Commission. The question justices will decide “is under what circumstances keeping a copy of a database in parallel with the original database can be seen as serving the same purpose.
10/15/21
Why Agile Teams Love Data Masking
In this blog, we'll unpack why Agile teams rely on data masking to control access to sensitive data without disrupting development.
9/23/21
August And September Data Privacy Law Updates
We summarize the latest data privacy law updates in the U.S. as well as the rest of the world.
9/3/21
T-Mobile Data Breach: How To Avoid A Similar Breach In Your Organization
Earlier this month, a T-Mobiledatabreach affected more than 50 million peopleafter acache of records was accessed via anunsecured router.Data exposed during the breachincludednames, dates of birth, social security numbers and other identifiable information.Storing unsecured data in your organization is a huge risk, which T-Mobile experienced first-hand The communications giant has since been taken to court for violating theCalifornia Consumer Privacy Act (CCPA)with one claimnotingthatthe companywas aware of the security vulnerabilities which led to the theft of customer information...
8/5/21
July Data Privacy Law Updates
July was an incredibly busy month on the privacyfrontwith ahost of newdata privacylaws coming into effect.United StatesThe New York City Council has approved a bill requiring third-partyfood delivery services to share customer data withrestaurants Despite privacy concerns, the law is expected to pass Mayoral approval.Also in New York, a new Biometrics Privacy Law has taken effect,limitingthe collection and use of biometric data.The Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act has been introducedin Senate...
7/27/21
Unpacking The Concept Of K-Anonymity
No matter which industry you’re in, safeguarding sensitive data and personally identifiable information (PII) is the core purpose of your security framework.Hush-Hush Data MaskingComponentsuse avariety of industrial-grade algorithms to meet or exceed all accepted standards for data privacy metrics like k-anonymity and l-diversity.But what does that mean exactly?In this blog, we’ll tell you everything you need to know about thisprivacy model WhatIs K-Anonymity?Simply put, k-anonymity is built on the idea that identifying an individual is more difficult when that individual’ssensitivedatais hidden amongst a set of similar data...
7/9/21
Back To Basics: De-Identification VS Data Masking
When it comes to protectingprivate data, terms like data masking, de-identification and anonymization have become synonymous with theprocessof shieldingprivate datafrom the wrong eyes.While all three terms can technically be used interchangeably, there are subtle differences.What is the difference between de-identification and data masking?The terms data masking and de-identification can be used interchangeably, but what's important is to understandwhat data needs to de-identified and why, as well as therightmethodto use for thatspecific need De-identification is the process of de-identifyingsensitive data elements to prevent someone's personal identity from being revealed, whether for privacy or compliance purposes.Data maskingis the process ofreplacingsensitive elements withrealisticreplacement data, so thatthedata cannot be used to directlyidentifyan individual.According toIAPP, data masking is a broad term that covers a variety of techniques including shuffling,encryptionand hashing.As with the above terms,anonymization isusedto produce data that cannot be linked back to an individual.While data de-identification and anonymization aremethodsthatarehistoricallyused totarget indirect identifiers, data masking has become synonymous with the same function due to the variety of algorithms used to de-identity both direct and indirect identifiers, such as k-anonymity.For some interesting background reading on this topic, check outourWiki.Standards and GuidelinesA helpful resource for understanding when and how data should bede-identified is by studying the guidelines ofdata privacy lawssuch as The Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).HIPAA, for example, definesthestandard for de-identification, in section 164.514(a) of the HIPAA Privacy Rule as follows:"Health information is not individually identifiable if it does not identify an individual and if the covered entity has no reasonable basis to believe it can be used to identify an individual."In order toachieve this standard, it offers in Sections 164.514(b) and(c) of the Privacy Rule two primary methods to de-identifydata, namely Expert Determination and Safe Harbor.Expert Determination takes a risk-based approach to de-identification todeterminethe likelihood of a person beingidentifiedfrom their protected health information(PHI)...
6/25/21
Data Masking Facts Vs Fiction
With data breaches, malware attacks andfrequentcases of ransomware making headlines, protecting sensitive data has become a necessity Data privacy tools like data masking are the go-to method for many organizations as data masking not only takes care of the essential task of de-identifyingsensitive data,but italso helps businesses meet the compliance requirements of data privacy laws likeHIPAA,GDPR, CCPR and more.But as with most things, there is a lot of misinformation, or “fake news&rdquo...
6/10/21
May-June Data Privacy Law Updates
Data privacy regulations have been gainingmomentumin the last two months, with data privacy and protection remaining at the forefront of public discourse Below are some recent updates to existing laws as well as news on new and upcoming data privacy laws in the United States and abroad.U.S...
5/24/21
Why Data Privacy And DevOps Should Always Work Hand in Hand
Organizations have a responsibility to safeguardprivate dataand to use that data responsibly.This is whywe arecurrentlyseeing aslateof newdata privacy lawsfollowing on fromthenotoriously stringentGeneral Data Protection Regulation (GDPR),includingthe CaliforniaConsumer Protection Act (CCPA), theVirginia Consumer Data Protection Act (CDPA) and the Colorado Privacy Act (CPA), each with theirown strictrequirements for handlingsensitive data.Non-compliancenot onlyresultsin heavy fines, but also leavesbusinesses vulnerable tolawsuits anddamage to their reputation But it is not only compliance and privacy officers that need to beconstantly alert and up to date...
5/14/21
The Accellion Data Breach – What We Know And What Can Be Learned From It
Considered the biggest data breach of 2020, the Accellion data breach affected hundreds of high-profile companies across all industries, and compromised the sensitive of data millions of users, patients, and individuals Months later, we are still seeing companies being affected.In this blog, we look at what went wrong, who was affected, and what we can learn from the incident.Who is Accellion?Accellion is a California-based file-sharing company specializing in B2B file-sharing software and collaboration...
5/7/21
How Our Partner Program Solves Your Clients’ Biggest Data Privacy Problems
Do you ever worry about what happens to the sensitive data your business shares with other parties?Like that attendee list you just sent off to your event organizer, or thepatient results you shared witha clinical trial team.How secure are their databases from data breaches?In fact, how compliant is your network of partners and clients withprivacy frameworks and laws such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA)? Not to mention recent state laws like the California Consumer Privacy Act (CCPA).One of the biggest favors you can ever do for your connections istoshare a valuable trade secret, and what could be better than patented data privacy software designed to solve their biggest problems — namelydata privacy,preventing data breachesandmeeting the compliance requirementsof data privacy laws As aHush-Hush partner, youcan doyour part to keepyour and your network’sprivate data safeandbuild a secure data flowthrough yoursupply chain.How your customers will benefitWe offer a range ofpatented data protectionsolutionssuited to your individual customer’s needs and tech stack...
4/30/21
April Data Privacy Law Roundup
There has been plenty of legal activity around data privacy in the United States recently, with a slew of proposed new privacy laws entering the fray This is hardly surprising considering that83% of American voters think privacy should be a top priority for Congress in 2021.Below is a roundup of the latest data privacy law updates from around the world.United States Privacy LawsThe Florida Privacy Protection Act is currently pending...
4/16/21
What Is The Difference Between Data Security And Data Privacy?
We talk a lot about protecting and safeguarding data, yet the concepts of data security and data privacy are different,although theycross over in many ways.But when itcomes to handlingsensitive data(datathat can be directly used to identify someone, as well as financial and health records), thetwo workhand in hand.What is data security?Data security refers to the processes in place to protect sensitive data from internal and external threats, both intentional and unintentional These threatscaninclude data breaches, malware attacks, malicious insiders and even physical theft.DevOps teams, system administrators and solution architects areusually the partiesresponsible for the security of datawithin a business.What is data privacy?Data privacy refers to the processes in place to safeguard the privacy of sensitive data and using that data responsibly...
3/26/21
The Benefits of Data Masking For Financial Services
Financial services such as banks, insurance companies, credit bureau, and lenders not only rely on data to understand and form deeper relationships with their clients, but also to weather market changes and maintain steadygrowth But this lucrative data is targetedbycybercriminals and insiders alike, anddata privacyregulators are becoming increasingly stringent with their compliance requirements.The burden is on the financial companiesthemselvesto take preventative measures to safeguard data, reduce the risk of data breaches,and maintain compliance...
3/17/21
Virginia Passes Its Own Version Of The CCPA
Earlier this month, the state of Virginia signed the Virginia Consumer Data Protection Act (CDPA) into law, making it the secondU.S.stateafter Californiato enact a comprehensive state privacy law.Advocates of the law include retail giantAmazon.The CDPA has been compared to California’s CCPA, whichisconsidered the most stringent consumer data protection law in the U.S.Who will the lawaffect?The law will affectcertainbusinessesoperating in Virginia,specifically:An organization thatconductsbusiness in Virginia oroffersproducts or services toVirginia consumers, and (2) meet one of the following requirements:During a calendar year, controls or processes the personal data of at least 100,000 consumers orControls or processes the personal data of at least 25,000 consumers and earns over 50% of gross revenue from the sale of personal data.(Source:National Law Review)Once theCDPAis in effect,Virginia residentswill have theright to access,rectify, delete,ask for, and opt-out of the sale and processing of their personal information.The following entities areexemptfrom the CDPA:Virginia publicentitiesGLBA-coveredfinancial companiesHIPAA-covered entitiesNon-profit organizationsTertiaryeducation institutionsCertain types of data have also beenexempted from the law including employer data, private health information (PHI), and data regulated by HIPAA and FERPA.The CDPA will be enforced by the Virginia Attorney General.Unlike the CCPA, under the provisions of the CDPA, private citizens do not have the right to actionlawsuits against companies who infringe on their rights.Data Protection becomes mandatoryAs with the GDPR, the CDPA requires businesses to "establish, implement, and maintain reasonable administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of personal data."This means that businesses will need to take adequate measures to ensure their sensitive data is protected, including implementing data protection methodssuch asdata masking, which ‘masks&rsquo...
3/12/21
The Simple Guide to Sensitive Data Discovery
With the majority of staff still working from home and sharing data back and forth, keeping track ofsensitive datacan be challenging Finding your organization’s data and understanding its value can seem likean insurmountable task, especially when you consider thatdatapersistsinvariousformats,multiplesystems,and environments.Unaccounted forsensitive and personal datais a huge security risk and makes implementing access control and data protection solutions difficult.Sensitive Data Discovery helps system administrators and DevOps teamslocate, classify,and isolate data, no matter whereit islocated.What is Sensitive Data Discovery?Sensitive Data Discoveryis the process ofdiscovering sensitive data elements in databases.This processisaidedthrough the use of asensitive data discoverytoolthatuses discoveryandranking algorithms to scan structuredand unstructureddata forsensitiveelements, which it then classifies according to riskmodel...
3/2/21
What Developers Need To Know About The GDPR
Your Security Director has instructed your team to automate data protection in thedevelopmentlifecycle so the business can be GDPR compliant—you understand what you need to do, but do you know why?In this blog, we'll unpack everything you need to know about GDPR complianceand why developers need totake notice.What is the GDPR?The General Data Protection Regulation (GDPR) is adata privacy lawthataffectsbusinessesthatofferproductsand services to European residents and collector handletheirpersonal data The GDPR regulates the use ofthisprivate data and lays out a set of rules that businesses must adhere to in order to maintain compliance.The GDPR specifically relates to the processing of data (Article 5), the retention of data (Article 17), the deletion of data (Article 24)and the security of data (Article 32).Article 34 lays out the protection measures needed to mitigate data breaches including data protection methods such asdata masking.That’s where you as a developer come in, asdata maskingis an essential part of the development toolkit.What developers need to know about the GDPROne of the key requirements of the GDPR isfordata privacytobe designed into the development ofanyproduct, or to put it simply,as adefaultstep of software development...
2/12/21
Our Top 5 Data Privacy Predictions For 2021
TheNew Normalis here to stay, which means businesses will have to continue navigating the risky waters of disruption caused by the global pandemic.Less international travel, more working from home, and more riskofthings going horribly wrong.The keysto survivingthis new normalare resilience and being able to meetthe challenges ofa rapidly changingworld.With that in mind, here are our predictions for what lays ahead in the data privacy space.Customers Will Be More Privacy-Savvy2020 saw a record number of data breaches taking place, with scandal after scandal dominating headlines According tooneclaim,more data was breached in the first six months of 2020 alonethaninany other year on record.As a result, customers are becoming more aware of their privacy rights andthe responsibility of the companies they do business with.90% of businesses surveyed forCisco’s 2021 Data Privacy Benchmark Studybelieved thattheir customerswould not make a buying decision without first knowing the company’s data practices and protectionmethods.There can be no denying a global privacy awakening has taken place.Be transparent about your data practices and ensure every member of the team, no matter where they are working from, knows the company policy on data privacy...
2/9/21
Our Latest Updates Usher In New Era Of Seamless Data Privacy
It’s a day all software companies look forward to — today we released our latest updates to our data privacy tools designedto help organizations enjoy a frictionlessdata protection experience.Our patentedData Masking Componentsallow automated data masking prior to development, empowering organizations to control the flow of data in and out of the business quickly and without disruption, and satisfy the requirements of data privacy laws like GDPR, HIPAA, and PCI DSS.Key updates to the software include a new Import and Export editor,new filters in our Number Rollup component, and a simple-to-use drag and drop interface that allows developers to mask sensitive data quickly and easily.The big new feature is our Embedded Dictionary which allows you to create your own dictionarywhich can be embedded in our data maskingcomponent.TheHush-Hush Sensitive Data Discovery Toollocates, analyzes, and classifies sensitive data within an organization, helping developers track the flow of data quickly for security purposes and take preventative action against attack.Updates include all-in-one installation for quick deployment, auto-save capability, simplified workflows, and additional support for SQL Servers.The new Auto-Save safely encrypts and stores your passwords, allowing you to close and re-open the application without having to re-enter your credentials or disrupt analysis.Hush-Hush data protection solutions are also available directly from the Microsoft Azure Marketplace, an online market for buying and selling cloud solutions certified to run on Azure The Azure Marketplace helps connect companies seeking innovative, cloud-based solutions with partners who have developed solutions that are ready to use.Hush-Hushhas a fourteen-year track record of providing patented data masking and sensitive data discovery solutions to businesses across the globe...
1/28/21
Data Security Statistics From 2020 You Might Have Missed
Cybercriminals were quick to take advantage of the disruption we all experienced last year According to Verizon's Data Breach and Investigations Report 2020, there were 3950 data breaches last year across 16 industries, the biggest resulting in 10.88 billion records leaked.We took a deeper dive into various industry reports to identify some more data privacy statistics from the unprecedented year that was 2020.Fines got biggerData privacy was a hot topic in 2020...
1/15/21
What You Need To Know About The New HITECH Amendment
In January, the Health Information Technology for Economic and Clinical Health Act (HITECH) was amended to include measures designed to enforce compliance with both HITECH and HIPAA.Going forward, the Department of Health and Human Services (HHS) will have to determine if a company has adequate security practices in place when making considerations about fines and penalties.For example, if a company suffers a data breach, the HHS would look to see if the company took correct remedial action, such as implementing a security framework Other factors that will be considered include previous compliance audits and violations within the course of 12 months.Essentially, companies need to implement recognized cybersecurity practices or else risk hefty fines for non-compliance.Known as HR 7898 or the HIPAA Safe Harbor Bill, the amendment was passed unanimously by the Senate...
1/7/21
Will The UK Still Fall Under The GDPR After Brexit?
Now that Britain has left the European Union (EU), will it still fall under the jurisdiction of the GDPR? The short answer is yes.Before Brexit, the United Kingdom (UK) was a member of the EU and fell under the jurisdiction of the General Data Protection Regulation (GDPR), the EU’s comprehensive and notoriously stringent data privacy law This relationship ended at midnight on 31 December 2020 when the UK officially left the EU...
12/4/20
Why DevOps Should Be Your Privacy Champions
Anyone familiar with data privacy legislation will know that The General Data Protection Regulation (GDPR), Europe’s main data privacy law, is considered the benchmark which other regulations follow It was the foundation from which The California Consumer Privacy Act (CCPA) was built, and will no doubt be the model for others.One of the main provisions of the GDPR is for businesses to adopt the principle of Privacy by Design, which calls for data privacy to be taken into account during the entire engineering and development process.For many businesses, sound data privacy practices and compliance measures are adopted once business operations are already well-established...
11/30/20
Why Easy Integration Is Important For Developer Tools
When it comes to sourcing data protection software and developer tools for enterprises, several factors are usually taken into account, such as if the software meets regulatory compliance standards, whether it satisfies the needs of the business, and of course, price.One factor that isn’t given enough airtime at the beginning of the procurement process, is the impact any new software or tool will have on your developers.In order to avoid unnecessary disruption and incur additional costs, it’s crucial to understand the needs of your developers and DevOps teams, and make sure any new technology meets their criteria for a smooth transition.Developers are crunched for timeTo maximize efficiency and meet production deadlines, most Development teams work in sprints, with tasks carefully planned in advance In other words, if there is a business need for data privacy, unless creating an in-house solution is accounted for in their schedule, most teams just don’t have the time to build their own solution...
11/25/20
Hush-Hush Sponsors First Virtual Matahacks Event
Earlier this month, Hush-Hush was a proud sponsor of Matahacks, a 48-hour virtual hackathon in which students created their own products and presented them to representatives of different STEM industries The highly-anticipated three-day event was organized by students and STEM clubs of California State University, Northridge (CSUN), and was attended by hundreds of participants from around the world.Participants were given complex programming tasks to solve over the course of the event, with Amazon gift cards up for grabs at the end (redeemable on Steam, of course).Winners included:Best of Communications: LinguaKanu Chandra, UCIHenry Liu, UCIPhilip Truong, UCIAdvay Anand, UCIBest of Gaming: Ice WavLogan D'Auria, RITIsaiah Lateer, RITBest Overall: Gid &...
11/20/20
The Importance Of Data Protection For Pharma Companies
In the pharmaceutical sector, access to data is crucial for the research that goes into the manufacturing of new drugs These drug companies require access to vast amounts of patients&rsquo...
11/13/20
Bookmark This GDPR Checklist For Your Business
Is your business GDPR compliant?The General Data Protection Regulation (GDPR) relates to all businesses that offer goods and services to European residents and collects personal data in the process.That means that if you have even one customer from the EU, you’re required to be compliant with this comprehensive privacy law The good news is that if your organization is serious about data privacy and data protection, you probably have nothing to worry about.Follow this simple GDPR checklist to see howcompliant your business really is.Self-assessmentAccording to the GDPR’s own website, conducting a data protection impact assessment is the simplest way of establishing compliance, not just with the GDPR, but with other privacy laws like the CCPA and HIPAA as well.Ask yourself the following questions that relate to your data processing activities.- Have you conducted an information audit?- Does your business have a legal justification for processing data?- Do you provide clear information about your data processes and privacy policy?- How transparent are you about data processing?- Did your customers opt in to have their data collected?Data securityOne of the core principles of the GDPR is that of “data protection by design and by default.&rdquo...
11/6/20
How Sensitive Data Discovery Helps Protect Your Student Data
If you work in the educational sector, whether as a university professor, college administrator, a tutor or teacher, or even a high school principal, you will no doubt come into contact with student data.But did you know that the collection, handling, and privacy of student data is subject to the requirements of the Family Educational Rights and Privacy Act (FERPA)?Don’t worry You’re in the right place...
10/30/20
What to expect from the SAFE DATA Act
A new federal privacy law has been introduced to the U.S Congress which is garnering a lot of excitement...
10/22/20
Everything You Need To Know About CCPA Compliance
The California Consumer Privacy Act (CCPA) came into effect on 1 January 2020 The strongest consumer data protection law in the U.S., it lays out the rules for handling customer data, similar to the EU’s General Data Protection Regulation (GDPR), which is considered the most important and comprehensive set of regulations around data privacy.What happens if you don't comply? — your business could be liable for a heavy fine, as mega-companies like TikTok and Google who have fallen short of the GDPR compliance have discovered.In this blog, we will outline everything you need to know about this new data privacy law.Who does the CCPA apply to?In a nutshell, the CCPA protects the data privacy rights of residents of California and governs the businesses that handle their personal information.The CCPA applies to all for-profit businesses operating in California that collect and process personal customer information and that meet the following requirements:Exceeds $25 million gross revenue annuallyHandles the personal information of 50,000 or more customersAcquires more than 50% of annual revenue from selling personal customer informationThe law also applies to any business that controls or is controlled by an entity that meets the above criteria.The CCPA is enforced by the California Attorney General, and currently provides businesses 30-days to comply if accused of noncompliance...
10/16/20
The Only Data Privacy Glossary You'll Ever Need
Navigating the landscape of data privacy and compliance can be daunting If you’re new to the field, or simply need a refresher, here is a list of the most common data privacy terms you should be aware of.Adequate Level of ProtectionThis refers to the level of data protection that the GDPR requires from a country or international organization before cross-border data transfers can take place.AnonymizationAlso known as Data Masking, this is the process of altering personally identifiable data (PII) so that it cannot be used to identify an individual.Audit TrailAn audit trail is a trail of documentation used to record activity for auditing purposes...
10/12/20
Data Masking Best Practice For Test Data Management
Most businesses use test data for testing, QA, and training purposes outside of the development environment, but often don’t give much thought to how that data is protected.Data masking protects data in non-production environments by substituting identifiable values like names, surnames, social security numbers, and credit card numbers with similar values that cannot be used to identify an individual.In this blog, we will share some data masking best practice for protecting test data and explain why it should form part of your regular DevOps activities.Why Data Masking?Data masking is a method of protecting sensitive data by de-identifying or masking values that could be used to identify an individual, as is required by data privacy laws such as the GDPR, the CCPA, HIPAA, and PCI/DSS While data masking conceals certain values, it also succeeds in retaining test data’s referential integrity, so test data retains its usefulness for testing, quality assurance, and training, without posing a risk to anyone’s data privacy...
10/2/20
How To Train Your Team To Avoid The Most Common Insider Threats
As we reported in our last blog, the cost of a data breach averages globally at $3.86 million Lost revenue, operational disruption, legal fees, and reputational costs are just some of the consequences of a serious breach...
9/25/20
How Much Does A Data Breach Really Cost A Business?
IBM recently released its updated Cost of a Data Breach Report for 2020, which analyzed 524 data breaches in 17 countries The study, which was conducted by the Ponemon Institute, found that the global average total cost of a data breach now stands at $3.86 million...
9/18/20
Rapid Digital Transformation In Healthcare And The Need For Data Privacy
COVID-19 has fast-tracked digital transformation in an industry known for dragging its heels — healthcare The problem lies with deep-rooted culture and legacy systems that span the industry as well as a lack of agility...
9/11/20
Why Data Masking Works Best For Different Types Of Breaches
Protecting sensitive data from data breaches is every company’s lawful responsibility, but data breaches come in many forms Hacking and Malware are common causes of data breaches, but leaks can occur in every corner of your organization — and without.Data masking is a thorough method of protecting sensitive data that comes recommended by risk frameworks such as the NIST framework, and by the GDPR law itself.In this blog, we will unpack how data masking works against the most common types of data breaches.Types of BreachesFirst, let’s look at the types of breaches that can affect an organization.Card:Debit and credit card fraud, not specifically due to hacking.Hack:A hack perpetrated by an external source or Malware.Insider:This is when the threat is an insider, like a member of staff or vendor.Physical:Loss or theft of physical documents.Portable:Loss or stolen portable devices such as hard drive, laptop or mobile phone.Stationary:Prohibited access to a stationary computer or server.Disclosure:Unintentional disclosure of information.Each of the breaches mentioned above has one defining characteristic in common — loss of data.How Data Masking combats several types of breach at onceData masking works by anonymizing certain elements of data to render it safe...
9/7/20
What Is The Difference Between Personal and Sensitive Data?
In the digital age we operate it in today, personal data is widely recognized as an asset, as well as a commodity It can be bought and sold, and is the basis of most corporate business intelligence and marketing strategies...
8/28/20
Why Every Risk Management Plan Worth Its Salt Should Start With Data Discovery
Whether they know it or not, any business or service that collects, handles, or processes personally identifiable information (PII) is subject to various laws and regulations that set out the requirements for data privacy Laws such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Health Insurance Portability and Accountability Act (HIPAA) do not simply act as guidelines...
8/21/20
Everything You Need To Know About HIPAA Compliance
For healthcare providers, whether you’re a hospital, doctor, nursing home, health insurance company, lab, IT company, or clearinghouse — if you handle patient data, maintaining HIPAA compliance is essential Those that don’t toe the line risk huge fines and increase the likelihood of experiencing a serious data breach.In July 2020 alone, over 1 million patients were affected by data breaches.Here is everything you need to be aware of where sensitive patient data privacy is concerned, and what you can do to stay compliant with this data privacy regulation.What is HIPAA?Signed into law in 1996, the Health Insurance Portability and Accountability Act (HIPAA) outlines the rules and regulations for medical data protection...
8/14/20
Why Is Healthcare So At Risk To Data Breaches?
More than 45% of data breaches are reported by the healthcare industry This year, one of the biggest healthcare data breaches was reported by a Fortune 500 healthcare company, which suffered a ransomware attack and data breach that affected 365,000 patients...
8/10/20
Approaching Data Privacy From A Customer’s Perspective
Data privacy regulations are on the side of the consumer Both the GDPR and the CCPA see individual control and autonomy as the ultimate objective of data protection...
8/3/20
How To Protect Data From Insider Threats During Lockdown
When we discuss data breaches, most of us will automatically think of hackers and Malware as the main causes, but more and more cases of data breaches are being put down to insider threats, with some reports estimating that as many as 60% of all security breaches involve insider negligence One of the biggest brands to report such a breach was retail giant Wal-Mart, which is now facing a lawsuit for allegedly violating CCPA regulations.According to privacy regulations such as PCI, GDPR, and HIPAA, organizations need to ensure that sensitive customer data such as credit card numbers, social security numbers, and account numbers, are protected across the organization — including non-production environments and remote desktops...
7/31/20
How To Secure Sensitive Data When Your Team Is Working From Home
COVID-19 has changed the way businesses operate Those that can, have shifted operations to the cloud and let staff work from home...
7/28/20
The Simple Guide to Data Masking
A new report reveals that poor privacy practices increase an organization’s chance of being breached by as much as 80% This week alone saw thirteen universities targeted by a combined ransomware and data breach attack.Data masking is one of the safest methods of protecting sensitive data...
7/22/20
Top EU Court Invalidates EU-US Privacy Shield
In a landmark ruling that can have far-reaching effects for data privacy compliance, the Court of Justice of the European Union (CJEU) has invalidated the EU-US Privacy Shield, which allows the legal transfer of personal data between the EU and the U.S.The Privacy Shield data transfer framework is currently used by 5,300 companies in the U.S.The CJEU found that U.S law and surveillance activities go against European citizens&rsquo...
7/17/20
What is the difference between data encryption and data masking?
Any company that handles customer data, be it payment card information (PCI), personally identifiable information (PII), or financial account numbers, needs to employ a certain level of data protection.Protecting sensitive customer data is essential for building and maintaining trust with your customers, but also forms part of your business’s risk management strategy that covers cybersecurity, compliance, and internal threats According to the FBI's 2019 Internet Crime Report, the total cost of reported cybercrimes last year was $3.5 billion.In this article, we’ll break down the difference between the two most common forms of data protection — data masking and data encryption — so you can determine which method is right for your business.What is data encryption?With data encryption, original, readable data or plaintext is converted to unreadable text or ciphertext using an encryption algorithm...
7/13/20
How Covid-19 Is Reshaping How We Think About Data Privacy
With the new normal, comes new risks.According to a recent KPMG survey,75% of Americans are thinking more about data privacy now than before the COVID-19 pandemic began.It stands to reason considering the flow of data has never been more insecure With companies forced to go remote and track and trace measures being implemented across the board, it’s not imprudent to wonder what checks and balances are in place to prevent misuse, security breaches, and data leaks.Organizations and individuals alike need to look closely at the way they handle data...
7/7/20
Adopting The NIST Privacy Framework Could Be The Best Business Decision You Can Make
Many companies understand the risks associated with a data breach, but many don’t fully comprehend just how far data travels within an organization — and beyond Activities that cause data privacy risks are often unintentional...
6/29/20
Does Data Masking Meet HITRUST CSF recommendations?
Consider this your quick guide to the HITRUST CSF and how it applies to data masking.These days, data is considered a commodity, and because of that, private data is becoming more and more accessible to third-parties Many consumers react with surprise when presented with marketing offers that are too accurate for comfort, or asked about details of their life they didn’t know their cellular phone company representative was privy to.In the healthcare industry, however, certain regulations apply to how confidential data can be used...
6/24/20
Data Privacy Regulations You Need To Know About
Data protection management is an important activity in any successful business Customers expect it, the media are constantly on the lookout for leaks, and hackers are getting smarter...
6/19/20
5 Ways To Manage Data Privacy Risk In Your Organization
Without proper data governance, data breaches pose a major risk for businesses, both financially and reputationally The risk is higher during times of disruption...
6/17/20
Google’s Recent GDPR Fine Is A Lesson To All Businesses
Google's recent unsuccessful attempt to appeal a GDPR fine is an important turning point in the war against non-compliance If Google isn't exempt, no one is.In short, Google lost its appeal against last year’s ruling by French data authority CNIL, which saw the tech giant penalized €50 million for not complying with GDPR privacy legislation.In January last year, Google was accused of using a vague and unclear process for gathering data and failing to sufficiently inform its users of how their information would be used...
10/30/19
October 2019 News - Latest Releases, GDPR happenings, and more
In this issue: NEWS, NEWS, and more NEWS! New components, past events, upcoming webinars, and more October2019 Phone 855.968.4874 Fax 855.487.4773 info@mask-me.net www.mask-me.net Hush-Hush EditorialJustlike with the year 2000, GDPR has created a lot of anxiety among software professionals and rightfully so...
10/25/17
Azure and RollUp components Issue
Azure Issue96 August 2017 Phone 855.968.4874 Fax 855.487.4773 info@mask-me.net www.mask-me.net In This Issue Product News AzureAs announced in our press release, now you can try HushHush Data Masking components in Azure with a free limited time trial for a month Our solution is a VM based image with the components and the sample solution that has a package per each component with a typical data sample...
8/22/17
Press Release: Hush-Hush Announces the Only Data Anonymization Solution to Natively Extend Microsoft
LAS VEGAS-Aug 22, 2017-PRLog-- HushHush, the leading innovator in the data de-identification space, today announced the general availability of its SSIS- based solution release into Azure - the only data anonymization/static data masking solution that natively extends Microsoft's stack of products...
6/10/17
Security Data Warrior Presentation at SQL Saturday LA
Vlad Ushakov and Virginia Mushkatblat present at the very first SQL Satuday LA on June 10, 2017http://www.sqlsaturday.com/640/Sessions/Details.aspx?sid=63696 ...
11/16/16
SQL Malibu Ad-Hoc , TOTAL SUCCESS
We were proud sponsors of SQL Malibu, our permanent local group of SQL enthusiasts At the last moment the founder of HushHush, Virginia, stepped in to substitute sick scheduled presenter...
8/5/16
Mask Data in SQL Server - Dynamic and Static Masking
We have recently enjoyed participating in the SQL Saturday Orange County with the seminar on Data Masking While introducing new and exciting feature of Dynamic Data Masking, Microsoft has created some confusion in many people on when and how to use it...
6/9/16
SQL Security Fundamentals with PASS' VC Fundamentals
For HushHush, the month of June was full of PASS Virtual Chapter Presentations.On June 10th, HushHush presented on the fundamentals of SQL Server Security For those of you who missed the event, here is the link to the recording: VC Fundamentals Youtube ChannelA total of 275 people attended the session...
5/23/16
Learn SSIS with SQL Malibu in May 2016
Come and learn SSIS old and new features on May 26, 2016 here
4/16/16
Next April 19th Meeting SQL Malibu with Thomas Grohser
HushHush in conjunction with CSUN sponsors SQL Malibu April's Meeting Thomas Grosher is demonstrating that BigData is not all about Hadoop...
4/12/16
Supporting ISACA LA Spring Conference on April 12
Supporting local ISACA: we partook in the spring ISACA conference and did a raffle This conference is an important educational event for all learning about software compliance...
4/3/16
SQL Saturday Webinar - part 2, hands-on
For those who missed the presentation on Saturday, April 2 in Orange County SQL Saturday, the link to the presentation is posted on a schedule You can also join our webinar, part 2 with hands-on masking demo: Hi there, Virginia Mushkatblat is inviting you to a scheduled Zoom meeting...
4/2/16
SQL Saturday Orange County - HushHush founder is speaking about Data Masking
Please join Virginia Mushkatblat in her presentation about data masking techniques for Dynamic Data Masking with SQL Server, Static Data Masking with custom and tools She will cover algorithms, scenarios and privacy-in-design approaches...
2/25/16
Meeting with Kathi - Always a Success
Meeting Kathi Kellenberger at SQL Malibu was a delight She always delivers an outstanding quality, and this time was not an exception...
2/16/16
HushHush and SQL Malibu: Kathi Kellenberger
Next Meeting: Tue, Feb 16 2016The need for a SQL Server DBALanguage: EnglishEvent Type: In-Person & OnlineOnline Meeting URL: https://zoom.us/j/485174277 RSVPURL: http://sqlmalibu1602.eventbrite.com /p>Kathi Kellenberger | Teammate with Linchpin People and Data Platform MVP, co-author of SQL Server books, a trainer and speakerSQL Server is a popular and powerful relational database system It's easy to install with just a few clicks...
12/16/15
$750,000 HIPAA settlement underscores the need for organization-wide risk analysis
Once again, the organizations are reminded that payments for non-compliance are not limited to a small fee The enterprise-wide risk assessment and analysis is needed to understand where to put protections against the breaches...
11/16/15
Ever thought of how to speed up your ETL? Come to learn to Brandon Leach's Partitioning Presentation
Table Partitioning in SQL ServerBrandon Leach | DBA for SurveyMonkey, SQL Server Professional, Co-Organizer for the New England SQL User's Group, and Speaker City of Calabasas Library 200 Civic Center Way Calabasas, CA 91302 November 19th, 6:30 pm Do you find you have tables and indexes that have grown really large? Are you moving around a lot more data than you used to? Are your windows for jobs and maintenance getting tighter? If you answered yes to any of these questions, partitioning may be for you!Partitioning allows us to break a table or index down into smaller more manageable chunks It can enable us to perform maintenance on just part of a table or index...
10/26/15
FTC and International Partners Launch New Privacy initiative
FTC and seven international partners boost international dialogue and create an initiative to boost cooperation among countries in handling consumers' privacy Thanks to enabling new technology, the complaints can now go international with more privacy enhancement...
10/26/15
PASS conference is starting tomorrow
PASS is a great event for every professional in the SQL server domain, be they novice or a seasoned professional There are a total of 5000 people from 52 countries...
10/22/15
HushHush is a proud sponsor of SQL Saturday Oregon, on October 24
This is an especially rich event with many sessions devoted to SQL Server stack security and privacy as well as Business Intelligence We are hoping to meet all of you at the event, and will be happy to explain how you could use SSIS for data masking as well as reporting services.See you Saturday!...
10/15/15
Community Events: Hardening SQL Server With SQL Malibu and Craig Purnell
Please, come to partake in the excitement of learning about SQL Server security! Craig Purnell presents "Hardening SQL Server" October 15, in Calabasas Public Library, at 6:00 pm with SQL Malibu Next Meeting: Thu, Oct 15 2015October 2015Language: EnglishEvent Type: OnlineOnline Meeting URL: NoneRSVPURL: http://sqlmalibu1510.eventbrite.comHardening SQL Server Craig Purnell |Independent Consultant,Database Administrator, SQL Server Professional, Speaker, Microsoft Certified TrainerNeed to build a more secure SQL Server? Attend this session and learn what you can do today to make your SQL Server more secure...
10/7/15
Dynamics of Data Breach Discovery
As major companies and their clients discover, the first number announced for the data breaches don't show the scale of the disaster The following article follows up on the dynamics of the data breachesDynamics of Data Breach Discovery...
6/23/15
OPM breach and National Security
I heard from many readers last week who were curious why I had not weighed in on the massive (and apparently still unfolding) data breach at the U.S Office of Personnel Management (OPM)...
5/11/15
It's All About Privacy
In our second installment of the #GenXTT I was excited to bring a bunch of smart GenXers together to espouse their views on privacy After the Millennial Think Tank Session on Privacy, I wanted to determine if there were differences in perception about Privacy among GenXers, especially given the increasing influence of technology.It's All About Privacy...
3/23/15
Card Breach at Natural Grocers
Sources in the financial industry tell KrebsOnSecurity they have traced a pattern of fraud on customer credit and debit cards suggesting that hackers have tapped into cash registers at Natural Grocers locations across the country The grocery chain says it is investigating “a potential data security incident involving an unauthorized intrusion targeting limited customer payment card data.....
3/23/15
HushHush is Presenting in Silicon Valley
SQLSaturday is a free, one-day learning event about SQL Server, Microsoft Business Intelligence, and Big Data HushHush is Presenting in Silicon Valley...
12/3/14
Can You Let Down Your Guard During Holidays?
Tomorrow is Thanksgiving, and then Friday—Black Friday—kicks off the official start of the holiday shopping season Retailers love the materialistic frenzy of the holiday season, and so do cybercriminals...
11/10/14
HushHush Presents at Security Day Fullerton
In an era where massive data breaches have caused some consumers anxiety while swiping their credit card, keeping out hackers is a hot topic among students learning to build and maintain the systems that often fall victim HushHush Presents at Security Day Fullerton...
10/17/14
Internal Privacy Breach: Mayor Rob Ford's privacy breached, hospital says
Mount Sinai is the latest in a string of hospitals to compromise patient confidentiality Over the summer, the Star revealed that GTA hospitals provided records without authorization to baby photographers and in one case, to RESP marketing companies...
10/13/14
Third-party Snapchat site claims photos were hacked from server
Developers behind Snapsaved.com, which stores Snapchat pictures, claim user photos were stolen - while another claim the site’s administrator gave access to hackers Third-party Snapchat site claims photos were hacked from server...
9/24/14
Your medical record is worth more to hackers than your credit card
Your medical information is worth 10 times more than your credit card number on the black market.Last month, the FBI warned healthcare providers to guard against cyber attacks after one of the largest U.S hospital operators, Community Health Systems Inc, said Chinese hackers had broken into its computer network and stolen the personal information of 4.5 million patients...
8/18/14
Chinese Hackers Pull Largest Cyberattack
Data breaches at health care systems are on the rise, experts say, and these will become more common in the coming years as more patient data goes digital.Community Health Systems, a large health care group that has 206 hospitals in 29 states, said Monday that a cyberattack originating in China resulted in the theft of Social Security numbers and other personal data belonging to 4.5 million patients Chinese Hackers Pull Largest Cyberattack ...
5/6/14
An Interesting Case of Fraud at the Hospital
After taking nearly two months to flesh out a patient data breach involving inappropriate internal access, UMass Memorial Medical Center (UMMMC) of Worcester, Mass announced this week that it had alerted more than 2,400 affected patients of the breach...
4/26/14
SQL Saturday Orange County: Testing with SSIS
Often times, a database developer needs to test the data under different scenarios There are many ways to do that, and some of them involve using TFS and other expensive tools.....
4/13/14
Security Experts warn of lack of privacy at web giants
Image Credit: Wikipedia / VentureBeatTech giants are struggling to protect your privacy More to the point, they’re struggling to protect themselves from public criticism...
4/3/14
Hush Hush is at ISACA LA
Mark April 9th – April 13th, 2016 on your calendar and join us at the 2016 Spring Conference, the leading Information Systems IT governance, control, security and assurance event for the Southern California area The ISACA Los Angeles Chapter provides affordable quality training on fundamental information systems auditing concepts and emerging technology risks, and an opportunity to network with other auditing and security professionals.....
3/13/14
Debate on privacy is heating up: Facebook is frustrated
Facebook Co-Founder Mark Zuckerberg made a rare posting on his Facebook page to assure his followers that he takes government threats to Internet security seriously “I’ve called President Obama to express my frustration over the damage the government is creating for all of our future,” he wrote in the note, most likely in relation to recent revelations that the National Security Agency has been hacking into computers and weakening security standards...Debate on privacy is heating up: Facebook is frustrated...
3/13/14
When is anonymization not a good thing?
Anonymous communication platforms and the pre-teen-to-teenage brain are two things that don’t mix all that well Just look at Ask.fm, for example, the social Q&A platform whose shield of anonymity led to cyberbullying that was later cited as a contributing factor in well over half a dozen suicides...
3/6/14
Hush Hush Provides Free Education Session at SQL Malibu
oin us every 2nd or 3rd weekday of every month between 6:00 pm and 7:30PM, where we network and discuss SQL Server topics We will have swag giveaways at the end of the each presentation too...
3/5/14
Feds Look To Big Data On Security Questions
Government IT leaders believe continuous monitoring and advanced analytics can help agencies better understand their networks and security Government IT leaders believe the growth of big data analytics may provide new tools in combating cyber security threats, according to a new report...
3/5/14
Hush Hush Sponsors SQL Saturday Silicon Valley
SQLSaturday was a free, one-day learning event about SQL Server, Microsoft Business Intelligence, and Big Data Hush Hush Sponsors SQL Saturday Silicon Valley...
3/5/14
Microsoft Heads to Global Privacy Summit
This week is particularly exciting for the many people at Microsoft who focus on data privacy Several of us will attend the annual Global Privacy Summit in Washington, D.C., hosted by the International Association of Privacy Professionals (IAPP)...
1/13/14
Neiman Marcus confirms customer payment card data breach
Neiman Marcus Group Ltd — очередной крупный ритейлер, подтвердивший, что информация о платежных картах клиентов была украдена, а в праздничные дни были произведены несанкционированные платежи...
12/23/13
Shadow IT: Why companies are exposing your data - and what to do about it
The race to cloud computing is exposing private customer information and sensitive corporate data on an unprecedented scale The demand for quicker and cheaper application development is driving this trend.Shadow IT: Why companies are exposing your data - and what to do about it...
