(With the Help of ChatGPT) In this article, the author provides three versions of a data retention policy that appears compliant with GDPR or NIST. After taking NACVA’s cybersecurity course, a student reached out to me asking for a Data Retention Policy template that would be compliant with the statutes and frameworks discussed in the course, such as the National Institute for Standards and Technology (NIST) Cybersecurity Framework or the EU’s General Data Protection Regulation (GDPR). I thought this may be a good question for large language models because the subject matter is old enough that there is a sufficiently…
-
-
Strategies to Limit Digital Risk and Liability In this article, the author looks back at predictions made in the 2014 Pew Research. Reflecting on this study, it becomes self-evident that we understand what the problems are, and, perhaps, we even have good ideas of how to tackle these problems. Therefore, the issue is not necessarily “finding a solution” but rather, having the will and desire to implement a solution. Introduction A person’s perspectives and perceptions towards a problem drives the approach taken to solve that problem. Managing data privacy challenges are no different. Therefore, to address today’s issues, it is…
-
Foundations for Prevention and Mitigation This article focuses on the professional expertise, processes, and technologies that are needed to mitigate the ever-increasing risk of cyber-attacks and potential business interruptions on companies, organizations, and individuals. The modern security ecosystem is diverse and ever-changing, a place where cyber risk is top of mind for leaders at all levels, and threats to information/data security and privacy evolve at the speed of the technical innovations driving progress. Within this dynamic ecosystem, we are increasingly connected across the globe, where organizations (and individuals) equally face the ever-present threat from cyber-attack. No one is immune and…
-
Running a successful tax practice is about more than acknowledging the technology du jour. It is about knowing which technologies make the most sense for you and using them to their fullest potential. Learn about three technologies you cannot afford to ignore in your practice. To read the full article in AICPA Insights, click: Three Tax Technologies you Should Not Ignore.
-
Defining Rights and Establishing Control to Protect Your Firm and Clients In this article, the authors propose best practices used to establish acceptable use policies (AUP). These AUPs define rights and establish controls that protect the firm and client information.
-
Five years ago, no one really knew what big data was and now, it seems it’s all anyone can talk about. Big data is the term used for information retailers, government agencies, and other organizations collect from the public that other entities might have a vested interest in purchasing because they produce ancillary products or services that could be marketed to the same individuals. While there has been much concern regarding big data the government collects and its impact on privacy, it’s becoming much more of a concern in the valuation world. Are these datasets assets? Some are valued in…