In November of 2021, President Joe Biden signed the Infrastructure Investment and Jobs Act (IIJA) which authorizes a plan to invest $1.2 trillion into the nation's infrastructure. This bipartisan infrastructure bill plans to bolster the transportation, energy, water, utility sectors, and state and local governments. An important provision within the IIJA is the allocation of $2 billion towards enhancing the cybersecurity of government organizations.

The pandemic has caused havoc on business and personal lives. It also highlighted the importance of personal data and its vulnerability. To combat this, governments across the globe have reviewed and modulated their privacy laws and regulations. Including the African governments and legislators. Over the recent years, Internet usage has increased significantly on the African continent. The usage was aided by continued investment in local digital infrastructure and improved user access.

With the rapid proliferation of data privacy laws, it’s no wonder mid-sized organizations are having a hard time keeping up with all of the new regulations. In addition, many companies struggle with understanding how rapidly evolving legislation might apply to them. For example, if you’re a U.S.-based company that does business from North Dakota, you might not be concerned about privacy laws abroad.

Data privacy is a priority objective for businesses today, particularly after the European Union's General Data Protection Regulation (GDPR) became enforceable in 2018, as this law protects European citizens’ personal data and requires organizations to change some of their work processes.

Illustrated by Dorathe Victor The Personal Information Protection and Electronic Documents Act (PIPEDA) is well-known if you are an organization based out of Canada. In place for more than 20 years, it sets out rules for how businesses should collect, use, and disclose personal information while dealing in commercial activities. Some pieces of personally identifiable information (PII) that are protected under PIPEDA are name, age, ID number, income, ethnic origin, blood type, and more.

The first months of 2022 began slowly for privacy, but by the end of the first quarter we had our marching orders for the rest of the year. In the U.S., we saw an explosion of state privacy bills being put forward (again), the Senate utilized a seldom used maneuver to push President Biden’s Federal Trade Commission nominee through to confirmation, and Utah became the fourth state to enact comprehensive privacy legislation.

The current cyber threat landscape forces the secure handling of personal data, and data privacy laws such as the General Data Protection Regulation (GDPR) assist in enforcing essential security measures.

Broadly speaking, an information security program is a set of activities and initiatives that support a company’s information technology while protecting the security of business data and enabling the company to accomplish its business objectives. An information security program safeguards the proprietary information of the business and its customers. The Gramm-Leach-Bliley Act (GLBA) has a more specific definition of what a security information program should entail.

On March 31, 2022, the Security Legislation Amendment Critical Infrastructure Protection Act 2022, also known as SLACIP, was passed by the Australian Parliament. The SLACIP Act aims to build upon the SOCI Act framework to improve the security of Australia’s critical infrastructures. To learn how the SOCI Act reforms will affect you and for guidance on how to comply with its new risk management requirements, read on.