Dots Header Light

Compliance guide

Compliance

Looking for Egress legal documentation and policies?

Head over to our legal hub to find all the documentation you need.

Legal and privacy

Expert insight from Kevin Tunison, Egress Data Protection Officer

The UK Data Reform Bill – nine things you should know

Kevin has picked out the key facts organizations should be aware of from the UK Data Reform Bill. 

Supply chain impersonation or genuine third-party information request? Here’s how to tell.

Learn how to spot real requests from supply chain attacks with advice from Egress DPO Kevin Tunison.

How to influence compliance as a DPO (without making your colleagues cry!)

Get the latest tips on how to improve compliance (without the tears!) from Egress DPO Kevin Tunison. 

Uncovering hidden risk within your supply chain: Part one

Get first-hand advice on discovering risk from Egress' highly-experienced DPO.

Uncovering hidden risk within your supply chain: Part two

The second half of our DPO's expert tips on discovering risks in your supply chain. 
Compliance

CCPA: California Consumer Privacy Act

What can we learn from recent CCPA breaches?

Learn how to avoid breaching CCPA rules by reading about some of the biggest recent breaches and what we can learn from them.

Quick guide to CCPA compliance software

A protects California residents from data mismanagement and negligent email security. Click here to see how email security and CCPA compliance can be achieved on one platform

How we help you comply: CCPA

If you use our software and services to process personal information of Californian residents then this activity may (depending on your financial size or the volume of your processing) will be subject to the requirements of the CCPA. 

CCPA and email security: Three things you need to know

The California Consumer Privacy Act (CCPA) is an expansive data privacy regulation that significantly enhances consumers’ rights.

Compliance with California Consumer Privacy Act (AB 375) - How Egress can help

Similar to the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act 2018 (AB 375) focuses on providing Californian consumers with control over their personal data. When it takes effect, in January 2020, it will be the strictest data privacy law in the United States.

Infographic: Key steps for CCPA compliance

Organisations need to take a proactive approach to achieve compliance with the California Consumer Privacy Act, which represented a major step forward for data privacy rights for the state's residents from the start of 2020.

The facts on CCPA and email encryption

Find out everything you need to know about the California Consumer Privacy Act of 2018 (CCPA) and email encryption. 

Federal Trade Commission & NYFDS: New York State Department of Financial Services

The FTC are cracking down on illegal data sharing

If you use apps, your sensitive data could be more at risk than you realize – which is why the FTC is cracking down on criminals leveraging your personal data.

NYDFS Cybersecurity Regulation requirements?

September 3rd 2018; NY DFS Cybersecurity Regulation (23 NYCRR 500) 

Risk management for NYDFS Cybersecurity Regulation compliance

The New York Department of Financial Services (NYDFS), responsible for regulating financial services and products within the state, has recently introduced Cybersecurity Regulation 23 NYCRR 500.

GDPR: General Data Protection Regulation

Eight biggest GDPR fines of 2022 (so far…)

Learn what not to do regarding GDPR from the organizations getting it wrong. Here are eight of the biggest GDPR fines of 2022… so far.

Five tips for achieving GDPR compliance

GDPR compliance can make or break businesses with EU customers – here are five tips for achieving compliance.

How we help you comply: GDPR

If you use our services to process personal data of UK or EU citizens then this activity will be subject to the requirements of the GDPR.  You will need to make sure that you comply with your obligations as either a Controller or Processor and we can help you meet these.

Brexit, the ICO and the EU GDPR

Sir Christopher Graham delivered his final annual report as Information Commissioner.

Coalfire Report: Egress can help with GDPR compliance

Coalfire have conducted an independent technical assessment of the Egress platform to determine the solution’s suitability for meeting EU GDPR controls for protection of personal data. This included technical testing, architectural assessment, and compliance validation.

GDPR: New challenges three years on

Hear what industry experts had to say on Egress' latest GDPR research.

GDPR: How to do subject access requests the right way

Article 15 of the GDPR concerns the right of access by the data subject. This means that under GDPR, EU citizens can contact organisations and businesses they have dealt with and find out what information is held on them, and how the organisation is processing that data.

Is a wave of data breach litigation on the horizon?

Find out why more people are banding together to legally enforce their data privacy rights. 

How will you do subject access requests?

We all know that the EU GDPR is coming into force very soon. May 2018 is going to usher in the new rules on data protection and privacy, and all organisations that deal with EU citizens’ personal information need to be ready.

Privacy Shield update from Egress

Find out how Egress is responding to the European Court of Justice issuing its judgement that the EU/US Privacy Shield programme was invalid.

GDPR: How to do subject access requests the right way

Article 15 of the GDPR concerns the right of access by the data subject. This means that under GDPR, EU citizens can contact organisations and businesses they have dealt with and find out what information is held on them, and how the organisation is processing that data.

HIPAA: Health Insurance Portability and Accountability Act

Is my business email HIPAA compliant?

Due to the complexities of HIPAA email compliance, the issue requires more than encryption.

How we help you comply: HIPAA

We can provide further information to you about how the compliance measures that we take in respect of our own software and services can help you to meet your own obligations under HIPAA and HITECH.  We can provide this information either under a non-disclosure agreement or through any secure portal functionality.

How to create an effective HIPAA email policy?

Learn how to create an effective email policy to ensure your organization's use of email adheres to HIPAA compliance measures.

HIPAA at home: keeping ePHI safe while working remotely

Three tips for keeping ePHI secure while working remotely.

Are you ready for submitting your HIPAA breach reports to HHS?

Any small US healthcare organisation that’s suffered a breach in 2018 had to notify HHS by March 1st 2019, which just rolled past.

How to send HIPAA compliant encrypted email

Learn how to send encrypted HIPAA-compliant email in our comprehensive guide.

HIPAA email compliance: the how to guide

HIPAA (Health Insurance Portability and Accountability Act) is a major piece of data privacy legislation that aims to secure (electronic) Protected Healthcare Information (PHI and ePHI) from fraud and data breaches.

HIPAA Email Encryption

Find out more about the Health Insurance Portability and Accountability Act (HIPAA) and how to remain compliant when sharing sensitive data over email

GCSx: Government Connect Secure Extranet & GLBA: Gramm–Leach–Bliley Act

How we help you comply: GLBA

Our software and services are firmly focussed on ensuring regulatory compliance – not just with the GLBA, but with other privacy regulations around the globe.  You can find out more information on each of these using the links above or the Products and Solutions tabs at the top of the page.

Preparing for GCSX retirement

For over 20 years, UK Government has relied on the ‘gsi-family’ of email domains for securing email communication between government departments.

ISO27001 Certification

How Egress can help with ISO27001 compliance

The ISO 27001:2013 international standard specifies requirements for an Information Security Management System (ISMS)

Why does Egress’ ISO/IEC 27001:2013 certification matter?

ISO27001 certification provides organisations with a way to demonstrate the strength of their security practices to customers, prospects and partners