Data security

Obama Administration Issues New Data Privacy Standards

April 10, 2012

The federal government's latest attempt to protect consumer privacy—a set of privacy standards published by the Obama Administration six weeks ago—doesn't have the force of law behind it. But the standards do suggest where privacy law may go in the future, and companies would do well to study the standards' core principles. "Consumer trust is vital," says Fred Humphries, vice president of U.S. government affairs for Microsoft.
 

Risk Study Outlines Strategic Shift

April 03, 2012

A new study of corporate risk-management efforts has spotlighted a burgeoning effort to shift toward a more strategic, board-level, "are we prepared to recover?" approach that might help companies withstand today's risk environment. "Risks are more interconnected, and the ramifications of risk are happening at a faster pace than they ever have in the past," says Ken Coy, U.S. leader for PwC's governance, risk, and compliance practice.
 

Improving Data Security for Mobile and Cloud Computing

March 13, 2012

The advent of cloud computing and mobile devices has dramatically changed the way employees access and share information, yet the related security risks continue to frustrate IT professionals. Companies need to strike a balance between interconnectivity and security. "This new world cannot be a choice between social versus secure; it has to be both," said Symantec CEO Enrique Salem.
 

Preparing for the Inevitable Cyber-Attack

March 06, 2012

As attacks on corporate networks become more common and hackers, armed with information stolen directly from security firms, become more brazen, a new approach to security is emerging: companies assume breaches will occur, and work to limit the damage. "Accepting the inevitability of compromise doesn't mean that we have to accept the inevitability of loss," said Arthur Coviello, executive chairman of EMC's security unit, RSA.
 

Mass. Data Privacy Law Goes Into Full Effect

February 28, 2012

The final provision of Massachusetts' data privacy law kicks in March 1, putting companies nationwide in the tenuous position of policing their third-party service providers. "Many companies will say, 'I've hired the biggest guy in town,' but it doesn't hurt them to ask if you have the right to audit," says Sara Jane Shanahan of the law firm Sherin and Lodgen.
 

Europe's New Data Laws Could Snare Many U.S. Companies

January 31, 2012

The European Union is moving toward new data protection laws that will require many U.S. companies with a sizable European customer base to comply for the first time, which could carry a hefty price tag. "There is no doubt that, as written, this proposal will have major repercussions for business in terms of compliance costs," says Belinda Doshi, a partner at London-based law firm Nabarro.
 

Ten Global Compliance Trends to Watch in 2012

January 03, 2012

The United States isn't the only place with big changes afoot; inside is a preview of the top 10 global compliance trends to watch for in 2012. Among them: stricter data protection laws, tougher corporate governance rules, more U.K. Bribery Act litigation, a breakdown of Big 4 power, huge strides for cloud computing, and much more.
 

Choosing a Compliance-as-a-Service Vendor

December 06, 2011

Some companies are giving up on trying to keep pace with rapidly changing regulations on information systems. Instead, they are outsourcing the task to compliance-as-a-service providers. "Now they can get a snapshot of the entire business and look at it from a much broader stance," says Jim Stickley, chief technology officer and co-founder of TraceSecurity, an IT security firm.
 

SEC's Corp Fin Staff Attacks Cyber-Security Disclosure

October 25, 2011

The Securities and Exchange Commission's latest burst of staff guidance takes aim at the tricky realm of disclosing cyber-security risks, with a five-part checklist of the sorts of disclosure the SEC expects to see in corporate filings. In other words, says Sanjay Shirodkar of the law firm DLA Piper, the SEC staff considers cyber-security disclosure important, "and it's likely they'll be issuing more comments regarding the matters in the guidance."
 

Fitting Social Media Into Your e-Discovery Regime

August 23, 2011

Congratulations! Your business is thriving online thanks to social media! Now how do you track all that data in the event of litigation? Too often, with great difficulty. "You don't want to have to cull through unlimited amounts of data when you have to respond to an e-discovery litigation event," says Philip Favro, a discovery attorney at Symantec. Tips on how to reduce that workload, inside.
 

More Companies Turning to Data Breach Insurance

July 06, 2011

After high-profile data breaches at companies such as Sony and Citigroup, more companies are looking to insure against cyber risks, and more insurers are tailoring products to guard against the costs associated with the loss of sensitive information. "We've seen more growth in the last three years than all the years prior," says Toby Merrill, vice president of insurance company ACE Professional Risk.
 

Data Breach at Security Firm Could Make Others Vulnerable

June 21, 2011

After computer hackers launched an attack on RSA, a computer security firm, they may have made off with data that could be used to help gain access to systems at other companies. The strike highlights the sophistication and the lengths hackers will go to infiltrate companies' systems. More details inside.
 

White House, FTC Call for Data Security Legislation

June 07, 2011

The Federal Trade Commission is pushing Congress to enact legislation on data security and on informing customers of a data breach. The FTC wants to bring the law into line with current enforcement policies, mainly that companies need to implement "reasonable" security procedures. A federal law would mean that the FTC could impose civil penalties without first getting a settlement agreement.
 

CW 2011: Enforcers Talk Ethics, and Talk Details

June 01, 2011

The U.S. attorney who oversees Wall Street and the top cop at the Consumer Financial Protection Bureau both delivered speeches at Compliance Week 2011 hammering home the point that executives must constantly demonstrate a commitment to integrity, and gave some insights into their enforcement operations. Above, U.S. Attorney Preet Bharara speaks to the audience. Full details inside.
 

FTC Accuses Companies of 'Unreasonable' Data Security Programs

May 04, 2011

The Federal Trade Commission has charged two companies with failing to keep their customers' data secure. Among the charges are that the firms did not implement reasonable data security procedures and that they failed to follow their own data security policies.
 

High-Profile Data Breaches Raise Security Alerts

May 03, 2011

The data security theft at Sony, which compromised the personal information of as many as 77 million users, is just the latest in a string of attacks on corporate databases. Even before that breach, Treasury officials were urging companies, especially those in the financial sector, to conduct periodic risk assessments of their information security programs and to institute other safeguards. Details inside.
 

WikiLeaks: the Other Whistleblower Problem

February 23, 2011

So far WikiLeaks has mostly revealed confidential documents related to government and military issues. Why should corporate compliance officers care? Because Julian Assange, the man at the center of the controversial Website, says that the next target is Corporate America. Inside, some protective measures to take.
 

Outsourcing Failure Lands Zurich Record Fine

September 01, 2010

U.K. regulator the Financial Services Authority has hit Zurich Insurance with a record fine for failing to keep confidential customer information safe. Zurich lost the personal details of 46,000 customers, including in some cases their bank and credit card information. The regulator found that the company did not have adequate systems and...
 
