Caetra.io https://caetra.io Simplifying Compliance, Reduscing Risk Thu, 16 Jan 2020 19:23:41 +0000 en-US hourly 1 https://wordpress.org/?v=5.3.2 https://caetra.io/wp-content/uploads/2018/09/caetra_icon-150x150.png Caetra.io https://caetra.io 32 32 New Guidance Clarifies Schools Health Records Governed by FERPA Are Not Subject to HIPAA https://caetra.io/latest-thinking/new-guidance-clarifies-schools-health-records-governed-by-ferpa-are-not-subject-to-hipaa/ https://caetra.io/latest-thinking/new-guidance-clarifies-schools-health-records-governed-by-ferpa-are-not-subject-to-hipaa/#respond Thu, 16 Jan 2020 18:56:29 +0000 http://caetra.io/?p=4424 The post New Guidance Clarifies Schools Health Records Governed by FERPA Are Not Subject to HIPAA appeared first on Caetra.io.

]]>
New guidance issued jointly by the U.S. Department of Education and the U.S. Department of Health and Human Services advises schools that most health information relating to students at federally-funded elementary and secondary schools, including health and treatment records, is protected and governed by FERPA. The guidance also makes clear that since most schools are not “covered entities” under HIPAA, these student health records are NOT also subject to HIPAA protection.

This advice is important because complying with multiple regulations is both costly and confusing and creates unnecessary burdens on administrators, parents and health care professionals. The interplay and exceptions to this general principle are different depending upon whether the school is private or public and whether it is a K-12 school or one that offers graduate level education. To ensure that compliance is constructed correctly, we advise a careful read of this guidance along with a discussion with your attorney.

FERPA (20 USC § 1232g; 34 CFR Part 99) is the federal law that protects the privacy of student’s “education records” and applies to educational agencies and institutions that receive federal funds. Thus, FERPA generally does not apply to private or religious schools at the elementary and secondary levels.. “Educational Records” have a broad definition under FERPA and include records directly related to the student and those maintained by an educational agency or institution or by a party acting on behalf of the school. The guidance specifically identifies that student health records, including immunization records, such as those kept by a elementary or secondary school nurse, would generally constitute education records subject to FERPA and would not be subject to HIPAA. The exception is “treatment records,” which apply to students aged 18 or older (or a student attending a post-secondary educational institution) created by a physician or other professional offering direct treatment to the student.

FERPA prevents the disclosure of educational records or PII of a student without the consent of their parent or the student individually if they are an “eligible student.” Exceptions exist around need in cases of emergency or within the school if the individuals are authorized to see the information generally and revealing the records satisfies “legitimate educational interests.” The law also grants individual access and the right to seek corrections to these records to the parents or eligible students. In this sense, FERPA has many similarities to HIPAA.

HIPAA applies to “covered entities,” including health plans, health care clearinghouses and health care providers, that transmit health information in electronic form in connection with covered transactions and bill for their services. 45 CFR § 160.103; 45 CFR Part 163, Subparts K-R. For the most part a school would not be a covered entity and thus not subject to HIPAA. However, if the school does offer health care to students when school is in session, through for example a health clinic, and transmits those records electronically, it could subject itself to portions of the HIPAA regulations. But if the school merely maintains the records, they would be considered “education records” or “treatment records” and are specifically excluded under HIPAA.

HIPPA typically does not apply to elementary or secondary public schools because the institution is either not a covered entity or maintains the health information only on students as a part of their “education record” pursuant to FERPA. A public school that provides and charges Medicaid for certain medical care (for example care provided to a student under the Individuals with Disabilities Education Act “IDEA”) could be subject to the HIPAA Transactions and Code Set Rules, but may not have to comply with the entirety of the HIPAA Privacy Rules since the information would be an education record protected by FERPA. Certain private elementary or secondary schools might be subject to HIPAA because they are not regulated by FERPA and cannot claim the information is part of a FERPA protected “education record.” In that case, these health records could be governed by HIPAA. But even in this circumstance, both agencies are seeking to protect the information pursuant to FERPA where possible. For example, the U.S. Department of Education is in the process of preparing a Notice of Proposed Rulemaking to amend the FERPA regulation to protect IEP service records maintained by a private school under FERPA’s privacy rule rather than HIPAA’s.

Overall, we are seeing a rise in the number of cybersecurity and data privacy regulations potentially applicable to school districts and educational institutions. These include the two discussed here, HIPAA and FERPA, as well as New York’s Education Law 2D, regulations from the Department of Financial Services, standards promoted by the Payment Card Industry and New York’s new SHIELD law. Institutions could benefit greatly by identifying the laws that potentially apply to their activities and narrowly applying them to only the information and systems that store that information. Although this requires a greater upfront analysis and assessment, it will pay dividends in terms of limiting the number of technical, administrative and physical controls required by each regulation and reduce the likelihood of mistakes and training surrounding the implementation of multiple compliance regulations. Accordingly, this guidance is both timely and welcome.

If you would like to better understand your compliance obligations, contact the attorney you regularly work with or feel free to contact the author, Alan M. Winchester at awinchester@harrisbeach.com or at (212) 313-5403.

This alert does not purport to be a substitute for advice of counsel on specific matters.

Harris Beach has offices throughout New York State, including Albany, Buffalo, Ithaca, Melville, New York City, Rochester, Saratoga Springs, Syracuse, Uniondale and White Plains, as well as New Haven, Connecticut and Newark, New Jersey.

The post New Guidance Clarifies Schools Health Records Governed by FERPA Are Not Subject to HIPAA appeared first on Caetra.io.

]]>
https://caetra.io/latest-thinking/new-guidance-clarifies-schools-health-records-governed-by-ferpa-are-not-subject-to-hipaa/feed/ 0
Rochester Business Journal: “California data security law to have widespread impact” https://caetra.io/news/rochester-business-journal-california-data-security-law-to-have-widespread-impact/ https://caetra.io/news/rochester-business-journal-california-data-security-law-to-have-widespread-impact/#respond Fri, 06 Dec 2019 21:26:06 +0000 http://caetra.io/?p=4154 Data privacy considerations will get much more complicated in the new year as both New York and California implement new laws aimed at protection of personally sensitive information. That was part of the message our Chief Development Officer Alan Winchester delivered in a conversation with the Rochester Business Journal for a story published Dec. 3. […]

The post Rochester Business Journal: “California data security law to have widespread impact” appeared first on Caetra.io.

]]>
Data privacy considerations will get much more complicated in the new year as both New York and California implement new laws aimed at protection of personally sensitive information. That was part of the message our Chief Development Officer Alan Winchester delivered in a conversation with the Rochester Business Journal for a story published Dec. 3. The California Consumer Privacy Act (CCPA) goes into effect Jan. 1. And New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act starts March 21. Alan was quoted in the RBJ article discussing the impact of both regulations on organizations both large and small. New York’s SHIELD Act “focuses on how businesses have to secure information, whereas the California law focuses a little bit more on the rights you have to give data subjects and the notices you owe them,” Alan told the RBJ.

Read the full RBJ article.

Interested in a demonstration of how Cymetric supports SHIELD Act and CCPA compliance? Contact us today and we’ll get back to you right away.

The post Rochester Business Journal: “California data security law to have widespread impact” appeared first on Caetra.io.

]]>
https://caetra.io/news/rochester-business-journal-california-data-security-law-to-have-widespread-impact/feed/ 0
NYS Education Law Section 2-D https://caetra.io/latest-thinking/nys-education-law-section-2-d/ https://caetra.io/latest-thinking/nys-education-law-section-2-d/#respond Wed, 18 Sep 2019 18:51:47 +0000 http://caetra.io/?p=3981 The post NYS Education Law Section 2-D appeared first on Caetra.io.

]]>

How can CyMetric help school districts ace their compliance? Caetra’s Chief Development Officer, Alan Winchester, joins the Harris Beach podcast to explore more stringent data privacy laws for school districts in New York state.

September, 19th, 2019

Caetra.io is an affiliate of, and controlled by, the law firm of Harris Beach PLLC. Caetra is not in the business of providing legal advice or legal services, and the protections of the client-lawyer relationship (including attorney-client privilege) do not exist with respect to any services provided by Caetra.

This podcast does not purport to be a substitute for advice of counsel on specific matters.

The post NYS Education Law Section 2-D appeared first on Caetra.io.

]]>
https://caetra.io/latest-thinking/nys-education-law-section-2-d/feed/ 0
California Consumer Privacy Act: What risk managers need to know https://caetra.io/latest-thinking/california-consumer-privacy-act-what-risk-managers-need-to-know/ https://caetra.io/latest-thinking/california-consumer-privacy-act-what-risk-managers-need-to-know/#respond Fri, 13 Sep 2019 21:22:46 +0000 http://caetra.io/?p=3935 The post California Consumer Privacy Act: What risk managers need to know appeared first on Caetra.io.

]]>

Has the Golden State set a new gold standard for compliance?

Passed in 2018 and taking effect on January 1, 2020, the California Consumer Privacy Act (CCPA) poses regulatory
compliance challenges for:

  • All companies that serve California residents and have at least $25 million in annual revenue.
  • Companies of any size that have personal data on at least 50,000 people; or that collect over half their revenue
    from the sale of personal data.

Headlines and reports about the free sharing of sensitive private information have spurred a wave of legislation that
has compliance experts and risk management officers on high alert.
Framed by this context, the CCPA was passed to give consumers five key data privacy rights:

  1. The right to know what personal information is being collected about them;
  2. The right to know whether their personal information is sold or disclosed and to whom;
  3. The right to say no to the sale of personal information;
  4. The right to access their personal information; and
  5. The right to equal service and price, even if they exercise their privacy rights.

The CCPA places data privacy obligations, and the burden of compliance, upon any organizations that collect data from
California residents – similar to GDPR, now enforced in Europe, and the SHIELD Act, which has recently impacted data
privacy and security requirements in New York state.

What’s notable about the CCPA?

The California law’s significance lies not only in the rights it grants its consumers; but also in its broadened
definition of private information. Historically, compliance experts have known to advise companies of the risks
surrounding highly confidential information: social security numbers, drivers’ licenses or data connected to bank
accounts.

But under the CCPA, personal information is defined as any information that identifies, relates to, describes, is
capable of being associated with, or could reasonably be linked with a particular consumer or household. In addition
to the data identified above, regulations now exist regarding the following:

  • Names, aliases and addresses
  • Online identifiers and email addresses
  • Personal information including age, race, color, religion, marital status, disability and gender identity
  • Medical conditions
  • Commercial information, including records of personal property, products or services
  • Biometric information such as fingerprints, retina scans or facial recognition
  • Internet search history
  • Geolocation data
  • Professional or employment-related information
  • Requests for family care leave, medical leave or disability leave

What are the penalties for not being in compliance with CCPA?

Once regulators advise them of a violation, companies have 30 days to comply with the CCPA. After that, failing
resolution, fines accrue of up to $7,500 per record.

Bottom line: businesses dealing with California clients will need powerful new compliance tools at their disposal.
And while California may be among the first states to pass such an expansive privacy law, it will likely not be the
last. Our CyMetric solution can help your company maintain and demonstrate compliance with CCPA and other sets of
data privacy and data security mandates and regulations.

The post California Consumer Privacy Act: What risk managers need to know appeared first on Caetra.io.

]]>
https://caetra.io/latest-thinking/california-consumer-privacy-act-what-risk-managers-need-to-know/feed/ 0
GOT RISK? CyMetric software platform expanded to address growing number of data-privacy regulations, including New York SHIELD Act https://caetra.io/press-release/cymetric-new-york-shield-act/ https://caetra.io/press-release/cymetric-new-york-shield-act/#respond Wed, 11 Sep 2019 18:33:04 +0000 http://caetra.io/?p=3891 The post <em>GOT RISK?</em> <br>CyMetric software platform expanded to address growing number of data-privacy regulations, including New York SHIELD Act appeared first on Caetra.io.

]]>

The adoption of new laws governing the handling of private data, such as the New York SHIELD Act, is making the job of risk and compliance managers more complicated than ever. To address these challenges, Caetra.io™ has expanded CyMetric™, its cyber-compliance software-as-a-service platform, to include SHIELD compliance as well as several other data privacy and security regulations impacting health care, financial services, education and other markets.

CyMetric maps the requirements of multiple regulations across an organization, consolidating them into a single program. The software automatically creates a legally compliant set of policies with the procedures necessary for implementation. Caetra.io was formed by Harris Beach PLLC, one of the country’s top law firms according to The National Law Journal.

In addition to the New York SHIELD Act for data privacy and security, signed into law by Gov. Andrew Cuomo in July, the new regulations mapped into CyMetric include:

  • Health Insurance Portability and Accountability Act of 1996, or HIPAA
  • New York Department of Financial Services Cybersecurity Regulation (23 NYCRR 500)
  • General Data Protection Regulation (GDPR), the European Union’s signature privacy law
  • New York Education Law 2-d and 8 NYCRR Part 121
  • New York State Department of Health Office of Health Information Programs
  • Defense Federal Acquisition Regulation Supplement (DFARS) Cybersecurity Requirements
  • National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
  • North American Electric Reliability Corporation (NERC) CIP-013-1, to insure data integrity and cyber security in the nation’s bulk electric system supply chain

Additional regulations to be added shortly include the California Consumer Privacy Act, the Canadian Consumer Privacy and Health Care Privacy Acts and the SOC-2 control set for security certifications.

“In response to widespread concerns about privacy, governments and industries are taking decisive steps to enact rules and create standards designed to keep our data safe,” said Alan Winchester, chief development officer of Caetra and a partner at Harris Beach PLLC. “As a result, the role of the compliance officer and risk manager has become significantly more challenging, requiring attention to countless details and the monitoring of numerous controls. CyMetric simplifies the challenge of making sure all regulations are being followed and the data defended, while saving time and money and adding peace of mind.”

CyMetric also provides a mechanism for customers to assess, measure and demonstrate progress on compliance programs, allowing users to see in real time how the organization is performing against requirements.

About Caetra
Caetra is a software company and developer of CyMetric, the cloud-based data privacy and data security compliance tool that unifies disparate regulations into one single, legally-vetted compliance program. As a wholly-owned subsidiary of Harris Beach, Caetra draws upon both the insight of regulatory experts and the advice of attorneys from a national law firm to identify organizations’ individual compliance needs, map them to evolving regulations and assist them in continually assessing their program – providing stakeholders a clear snapshot of their cybersecurity compliance program.

The post <em>GOT RISK?</em> <br>CyMetric software platform expanded to address growing number of data-privacy regulations, including New York SHIELD Act appeared first on Caetra.io.

]]>
https://caetra.io/press-release/cymetric-new-york-shield-act/feed/ 0
People and Process Come Before Technology https://caetra.io/latest-thinking/people-and-process-come-before-technology/ https://caetra.io/latest-thinking/people-and-process-come-before-technology/#respond Fri, 10 May 2019 14:38:45 +0000 https://caetra.io/?p=3554 Compliance programs tend to be managed by numerous spreadsheets that outline controls, document their assessments and delegate ownership. Shouldn't that process be streamlined? Learn how it can be done.

The post People and Process Come Before Technology appeared first on Caetra.io.

]]>

Compliance programs tend to be managed by numerous spreadsheets that outline controls, document their assessments and delegate ownership. We seek to streamline that into a cloud-based tool that is centrally managed and readily available for delivering reports and documents that support compliance requirements.

CyMetric is a “people and process” risk management tool that supports the front end of the regulatory compliance process – before technical solutions are put in place. To accomplish this, CyMetric provides legally vetted interpretation of various regulations for their data privacy/data security component; and proposes NIST-based controls that can be implemented to support the requirements of the laws companies need to comply with. These controls are documented and outputted into a policy document that can become the basis for an organization’s cybersecurity policy.

For example, if you are seeking to comply with new mandates of GDPR, CyMetric will provide all of the controls that will satisfy the requirements of the law based upon your specific risk tolerances and data profiles. Part of what CyMetric seeks to accomplish is to ensure that investments in technical infrastructure are serving the dual purpose of protecting data assets and meeting the legal requirements of the various regulations organizations are being held accountable to.

CyMetric also provides a mechanism to track the progress of the implementation of the program through a controls assessment module, where maturity can be measured and findings documented. This process is outputted in reports and dashboard windows, providing stakeholders visibility into how the company is performing with its compliance program.

See how stakeholders are replacing spreadsheets.

The post People and Process Come Before Technology appeared first on Caetra.io.

]]>
https://caetra.io/latest-thinking/people-and-process-come-before-technology/feed/ 0
Confessions of a Control Freak https://caetra.io/latest-thinking/confessions-of-a-control-freak/ https://caetra.io/latest-thinking/confessions-of-a-control-freak/#respond Thu, 02 May 2019 14:39:51 +0000 https://caetra.io/?p=3556 Ever-expanding regulations can unsettle cybersecurity control freaks – not to mention businesses facing mounting challenges in assessing requirements around information security and privacy. Get inside the mind of a compliance manager.

The post Confessions of a Control Freak appeared first on Caetra.io.

]]>

Where once businesses only had to concern themselves with one regulation, now they must address several. Even if they are not themselves regulated, they likely service a company that is and through the procurement process contractually bound themselves to comply with one or more regulations. Further, any advice they received from counsel or consultants is stale upon delivery, because regulations are often construed differently over time by either the regulator or the courts. In addition, the risks keep changing, so ultimately even the most compliant plan is outdated as soon as a new threat is realized.

A related issue is that the policies they received were often as nebulous as the regulations themselves; so there was still a substantial amount of work required to convert these policies into controls that could be implemented and tested.

A second challenge they face is aligning their information security efforts with their compliance efforts. Organizations certainly take steps to protect their information, but they are often unaware of whether those steps are sufficient to comply with the regulations they are subject to. In addition, any risks associated with those systems are often known to only a small portion of the organization and may not be well communicated to senior management or understood by them. This tool helps communicate the state of the organization’s security and compliance program to those that need this information.

To come to the rescue of control freaks everywhere, our CyMetric software:

  1. Defines regulatory security and privacy requirements for any information system in a clear and simple manner. CyMetric identifies the controls and policies an organization needs to implement to comply with the regulations they identify as relevant to their organization.
  2. Avoids traditional legal costs because the system incorporates the most current analysis of the regulation by attorneys and delivers nearly instant updates should the regulations be construed to require a different level of protection for information systems. This keeps the organization’s compliance program up to date from a compliance standpoint.
  3. Allows customers to track their risk assessments and compliance efforts in a tool that also allows reporting to different stakeholders according to their role within the organization. This helps keep the security program up to date from a risk or threat standpoint.
  4. Marries both the compliance and security efforts into one process so that the efforts associated with the last two points contribute to one another and are synergistic.
  5. Frees up internal and external resources from tracking regulations and affected controls and allow them to focus on the specific implementation at their organization and risks they might face.

Explore the impact of a strong (or weak) cybersecurity program.

The post Confessions of a Control Freak appeared first on Caetra.io.

]]>
https://caetra.io/latest-thinking/confessions-of-a-control-freak/feed/ 0
Aligning Stakeholders with your Corporate Compliance Program https://caetra.io/latest-thinking/aligning-stakeholders-with-your-corporate-compliance-program/ https://caetra.io/latest-thinking/aligning-stakeholders-with-your-corporate-compliance-program/#respond Thu, 02 May 2019 14:37:16 +0000 https://caetra.io/?p=3552 Aligning stakeholders strengthens cybersecurity and weaves compliance into the culture. Read more.

The post Aligning Stakeholders with your Corporate Compliance Program appeared first on Caetra.io.

]]>

In a recent New Yorker cartoon, a cluster of medieval guards gather on the turreted roof of a castle, spears pointed to ward off the enemy who is preparing to breach the walls. However, they don’t see a visible form or physical force to attack; there’s only a bespectacled figure on the castle lawn, typing on a laptop. The caption reads: “Bad news, Your Majesty—it’s a cyberattack.”

That sketch, however amusing, underscores the vexing nature of a cyberattack or data breach. It’s invisible and insidious, arriving out of nowhere and difficult to defend against, or even contain, once it’s been unleashed. And even if all stakeholders swiftly agree on a shared need for damage control, the damage has already occurred: sensitive consumer data exposed, reputation badly burned, regulatory fines incurred and costly litigation in the cards.

What if stakeholders had locked arms earlier – before the cyberattack penetrated the castle walls?

For industries that handle sensitive data, such as health care organizations and financial institutions, cybersecurity programs are key to ensuring that companies comply with the growing number of regulations, whether contractual or governmental, that govern data security and privacy.

In today’s stifling regulatory climate, with its varying degrees of tolerance for and management of risk, it’s key to have executives, compliance professionals and information technology staff on the same page—with the ability to assess and measure both progress and performance. While establishing controls is an important first step, implementing and enforcing them are equally important to cybersecurity compliance. As the song goes, “you can’t have one without the other.” That two-pronged strategy underscores the importance of stakeholders remaining in touch and aligned with each other.

Connected compliance

When compliance becomes connected, rather than splintered and siloed, C-suite executives and compliance officers have a central resource to gather detailed and accurate information about cybersecurity; and to observe in real time how their organization is performing against requirements. That platform can highlight both successes and areas of improvement, such as substandard implementation of controls.

Aligning all stakeholders around a compliance program doesn’t just strengthen cybersecurity; it weaves compliance seamlessly into the culture of an organization. No longer does compliance need to manifest as a stumbling block, a fractured discussion or a hasty defense against a surprise attack.

Our CyMetric software provides a way to align your corporation around its proverbial castle.

The post Aligning Stakeholders with your Corporate Compliance Program appeared first on Caetra.io.

]]>
https://caetra.io/latest-thinking/aligning-stakeholders-with-your-corporate-compliance-program/feed/ 0
How and Why We Developed our Disruptive Technology https://caetra.io/latest-thinking/how-and-why-we-developed-our-disruptive-technology/ https://caetra.io/latest-thinking/how-and-why-we-developed-our-disruptive-technology/#respond Thu, 02 May 2019 14:34:53 +0000 https://caetra.io/?p=3550 Alan Winchester, our Chief Development Officer, identified an opportunity to streamline and simplify compliance through software so that it becomes a daily achievement, rather than an afterthought. Read the article.

The post How and Why We Developed our Disruptive Technology appeared first on Caetra.io.

]]>

Cybercrime is on the rise, and no one is immune. Recent headlines captured the grim state of events for consumers who entrusted companies with valuable information. In a twist that likely disrupted many a peaceful night’s rest, Marriott International reeled from a data breach involving 500 million customers. The knowledge-sharing website Quora announced that a “malicious third party” had compromised the account information of 100 million users of the question-and-answer website. And one dozen states jointly filed a federal lawsuit against Medical Informatics Engineering and NoMoreClipboard over a breach that exposed the data of 3.9 million individuals.

These corporate fiascos – carrying legal, financial and reputational consequences – often reveal significant deficiencies in organizational cybersecurity controls and policies along with glaring gaps in cybersecurity regulatory compliance. They also underscore the importance of actively thinking about and assessing cybersecurity each day. Compliance works best when it’s baked into each day, not considered after the fact or invoked as part of a frantic incident response. Building a culture of compliance needs to be a part of every organization’s mission.

But the reality is that building and maintaining a comprehensive compliance program is very challenging, with responsibility shouldered between the legal counsel who interpret policy, the compliance officers who struggle to create controls and the teams required to implement those controls. Between rapidly-changing regulations and corporate red tape, the process often needs to start from scratch before it gains traction. And because this chain of command makes compliance an abstract concept, it can be difficult for stakeholders to buy into the program and coalesce around compliance.

That’s when our Chief Development Officer, Alan Winchester, identified an opportunity to streamline and simplify compliance through software so that it becomes a daily achievement, rather than an afterthought.

Since 1989, Alan has focused on the intersection of law and computers. In the legal world, he is a pioneer in the use of predictive coding to efficiently identify responsive documents for early case assessment and review purposes. That mindset of proactive strategy and informed assessment has honed his focus on cybersecurity. Driving the development of an innovative solution, his vision is to enable customers overwhelmed with legal and operational issues surrounding compliance to meet their obligations intuitively and simply.

The result is CyMetric, a cloud-based cybersecurity compliance tool that translates a range of regulations into one unified policy and control set that meets the legal requirements of the laws companies need to comply with. The product’s disruptive nature lies in aligning multiple regulations with a standardized control set that become the basis for a cybersecurity policy. This alignment enables the organization to measure its compliance with multiple regulations through a single assessment process. Managing and documenting all of the facets of a cybersecurity program through a single, cloud-based platform eliminates the need for multiple spreadsheets, enhances collaboration and supports the building of a culture of compliance within an organization.

The post How and Why We Developed our Disruptive Technology appeared first on Caetra.io.

]]>
https://caetra.io/latest-thinking/how-and-why-we-developed-our-disruptive-technology/feed/ 0
Long Island Business News: “Law firm Launches software firm” https://caetra.io/news/long-island-business-news-law-firm-launches-software-firm/ https://caetra.io/news/long-island-business-news-law-firm-launches-software-firm/#respond Fri, 29 Mar 2019 13:00:30 +0000 https://caetra.io/?p=3360 The post Long Island Business News: “Law firm Launches software firm” appeared first on Caetra.io.

]]>

The Long Island Business News notes that Caetra exists to help organizations comply with an increasingly complicated set of regulations such as HIPAA, GDPR and others. Compliance is critical as organizations “may face regulatory fines and perhaps lawsuits,” Caetra founder and Harris Beach partner Alan Winchester told the newspaper.
Click here to read more from the LIBN.

To learn more about cyber and data privacy regulation and compliance, download our white paper.

The post Long Island Business News: “Law firm Launches software firm” appeared first on Caetra.io.

]]>
https://caetra.io/news/long-island-business-news-law-firm-launches-software-firm/feed/ 0