Compliance

Blogs, articles and briefs on all things compliance - might not be the most exciting subject, but it's required (all joking aside).

Compliance ITAR Encryption Rule + Local Key Security According to the March 2020 ITAR encryption addendum, ITAR regulated data stored or transmitted in the cloud must be “end-to-end encrypted” (E2EE). In order to properly satisfy this rule, E2EE encryption requires that the keys used for encryption and decryption be stored locally on the endpoints, not on a server

Brendan Diaz • 5 min read

Compliance ITAR and Encryption: What You Need to Know According to the March 2020 ITAR encryption addendum, ITAR regulated data stored or transmitted in the cloud must be “end-to-end encrypted” (E2EE). Additionally, ITAR regulations state that "The means of decryption are not provided to any third party." [https://www.ecfr.gov/current/title-22/part-120#p-120.54(b)(1)(ii)

Brendan Diaz • 2 min read

Compliance A New Year's Resolution: Low Hanging Fruit Hardly anything is predictable anymore: Covid-19, remote work, supply chain, social media vulnerabilities, data security, employee retention. It is tough doing any strategic planning these days with so many fundamental uncertainties and even tougher just managing a business day-to-day.

Evan Blair • 2 min read

Compliance PHIPA, the Canadian Healthcare Compliance Regulation is More Than Just a HIPAA Clone North America has two strong healthcare compliance regulations, HIPAA (USA) and PHIPA (Canada). While the two are very similar, it’s important for Canadian healthcare companies to understand the differences - and what they are responsible for when choosing a provider that will help them communicate, collaborate, and share patient

HighSide Staff • 3 min read

Compliance ITAR & EAR: Think You Are Compliant? Think Again... Anyone doing business with the US government and / or producing technology or physical goods that the US considers controlled needs to spend 5 minutes here and get a refresher on ITAR and EAR. The biggest thing that scares me when I think about how folks are handling their sensitive communications

Evan Blair • 4 min read

Compliance Facebook's whistleblower and what it means for your data security & GDPR program With the recent testimony in Congress on October 5 by former Facebook employee and now whistleblower, Frances Haugen, has drawn the curtain back on management’s priorities at the company, and it isn’t good. Basically, she claims profits are the top priority among Facebook’s leaders. [https://www.vox.

Evan Blair • 3 min read

Compliance GDPR & Collaboration: Are You Really Compliant using Slack, Box, Teams, etc...? Before we can answer that question, we need to better understand GDPR (there are a lot of false narratives out there) and what your responsibilities are, and what your providers responsibilities are. Once we understand those, we can look at some specific articles of the GDPR that will highlight (and

HighSide Staff • 7 min read