As a continuation from our previous post on the GDPR (General Data Protection Regulation) and its implications for U.S. based firms, it is important to keep in mind the EU-US Privacy Shield. Under both the GDPR and its predecessor, the EU doesn’t allow the transfer of data on its citizens outside of the EU unless the destination country is deemed to have adequate data privacy laws. Unfortunately, the EU has deemed that the US does not have adequate data privacy laws, but organizations can navigate this by adhering to the EU-US Privacy Shield.
The EU-US Privacy Shield is a program where participating U.S. companies are considered to have adequate data protection, and can therefore facilitate the transfer of EU data. The EU-US Privacy Shield’s predecessor, the Safe Harbour Framework, was overhauled because the EU did not consider this agreement strict enough on data protection for their citizens. The GDPR protects the data of all EU citizens, regardless of whether they currently live in the EU.
Your firm is also liable if your website has a form or any tracking mechanisms that EU citizens are able to access. Although the Privacy Shield is entirely voluntary and self-certifiable, once an organization publicly commits to compliance, it is enforceable under U.S. law and your firm must self-certify annually to be considered compliant.
There are two categories of data transfer under the EU-US Privacy Shield: HR data and non-HR data. HR data refers to employee data and privacy policies, while non-HR data affects your information on prospects and clients, and may trigger revisions of your privacy and opt-in or opt-out policies.
The new year is upon us so time for predictions, watch lists and resolutions. Here’s our take on some technology trends we see within our client base as well as buzzing across the industry.
Cloud Transformations: Hybrid Grows & Connections Matter
In 2017 hybrid cloud gained traction as companies embraced its ability to combine the benefits of dedicated private environments with on-demand public cloud resources and application sets. In 2018 we expect broader mainstream hybrid adoption for everything from application and infrastructure services to disaster recovery.
With hybrid cloud use increasing, the importance of establishing and optimizing connections across networks and clouds will become a priority. Eze Hybrid Cloud, as an example, has direct connections to the Microsoft Cloud as well as market data, FIX networks and fund administrators.
If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.
In Part One of this series, we shared some insights from our recent chat with a Certified Business Continuity Planner here at Eze Castle Integration. We looked at some things to consider when your office building is forced to close down due to the weather conditions.
Even if your building is not forced to close during a storm, there are still a number of important challenges to consider. In this article, we will examine a few things to think about when preparing your firm for this scenario.
With 2018 around the corner many firms are locking down their budgets and looking for opportunities to run more efficiently. Technology is one area where savvy alternative investment firms can optimize their budgets to make room for new IT initiatives.
Here’s our list of five technology budget areas to evaluate.
Go Cloud. If you’re still running an on-premises IT environment, it is time to evaluate a move to the cloud. Aside from shifting IT management responsibilities, you’ll gain access to cost predictability and the latest technology feature sets. Not to mention the real estate footprint benefit – going cloud will free up floor space and reduce your power and cooling expenses as well as your hardware and software costs.
Hybrid Cloud. If you’re already in the cloud, it may be time to consider seeing what a Hybrid Cloud offering can deliver in terms of cost-savings. Note, if control, security and privacy are your top priorities, you may want to stick with a Private Cloud.
Earlier we sat down with a Certified Business Continuity Planner at Eze Castle Integration to get insights on what hedge funds must consider when preparing for weather related incidents. Here are some important questions that a firm can use to prepare.
As many of us are preparing to feast this Thanksgiving and gearing up for the unofficial start of holiday shopping, retail stores are getting ready for their biggest days yet: Black Friday and Cyber Monday. While many are searching the internet high and low for the best deals, cyber criminals are searching high and low for their next victims. Black Friday and Cyber Monday are the perfect time for these criminals to take advantage of those who aren't aware of the risks.
Here are some additional quick tips for cyber safety during the holiday shopping season:
- Do not click on a link unless it is from a trusted source
- Make sure the destination URL is where you were intending to go
- Make sure your phone and other devices are password protected
- Use unique passwords for every online account
- Do not enter personal information over public Wi-Fi networks
- Use a credit card instead of a debit card when making purchases
- Check the 'To', 'From' and 'CC' fields of an email
If your company employs any kind of Bring Your Own Device policy, it's probably time to ramp up your Mobile Device Management (MDM). All companies should have some form of device management for their employees (e.g., password requirements, network stipulations), but that doesn't mean they have enough protection.
Why Does MDM Matter?
MDM is a software solution that lets employers know their data is secure while accessible on an employee’s device. It provides ways for employers to set policies, enforce strong passwords, remotely wipe data if necessary, and oversee security. Network security is difficult even when hardware stays in one place, but the threats magnify when the location constantly changes. Companies can stay compliant and keep sensitive company data from harm when they're able to control all mobile device policies from a single location.
You can think of MDM as a type of central intelligence where you can track, arrange and compartmentalize data, and provide updates to employee devices as appropriate. When your employees use their devices for other matters, you have a way of separating work information from personal.
Bare Minimums: Setting Policy
Ideally, you should define several specific requirements before you settle on an MDM strategy. The first step is to decide which policies your company plans to enable, such as requiring device-wide encryption and automatically locking or wiping a device. Be sure to state directly which rights the firm will retain with regard to provisioning mobile devices.
On our recent Emerging Manager Trends in Operational Due Diligence webinar, we looked at how today’s emerging managers face a number of challenges from fierce competition to the rapidly evolving investor IT due diligence process, especially in terms of scrutiny on technology processes and security safeguards.
The reality is that investors have a greater understanding of technology, are asking more probing due diligence questions and care about the responses they receive. In recent years the depth of DDQ questions around information technology and security has expanded as investors become increasingly savvy about IT and headlines around IT risks have grown.
Here at Eze Castle Integration we regularly assist our clients in completing the IT portions of investor due diligence questionnaires. The wording of questions varies, but here is a handy list of 51 common IT due diligence questions we see.
- Provide an organization chart for the Company, its affiliates and key personnel.
- Provide the physical address and general contact information for each of the Company’s office locations.
- Provide the name and contact information of the Company employee(s) assigned to the client’s account(s).
- Provide a list of compliance personnel, their roles and qualifications, the date of his/her appointment and position within the Company’s organizational structure.