Privacy

Beware Compliance Pitfalls When Recruiting on Social Media Sites

December 13, 2011

More companies are using social media sites like LinkedIn to search for potential job candidates. While there's nothing inherently problematic about the strategy, companies need to be careful, since those sites often provide sensitive personal information. "Employers should be careful not to make decisions based on some information obtained via social media," says Susan Gross Sholinsky of law firm Epstein Becker Green.

SEC's Corp Fin Staff Attacks Cyber-Security Disclosure

October 25, 2011

The Securities and Exchange Commission's latest burst of staff guidance takes aim at the tricky realm of disclosing cyber-security risks, with a five-part checklist of the sorts of disclosure the SEC expects to see in corporate filings. In other words, says Sanjay Shirodkar of the law firm DLA Piper, the SEC staff considers cyber-security disclosure important, "and it's likely they'll be issuing more comments regarding the matters in the guidance."

NLRB Provides Guidance on Social Media Practices and Policies

September 20, 2011

A new report from the National Labor Relations Board examines real cases of employee use of social media to provide more clarity to employers on what represents legally protected activity. The report also gives new guidance on acceptable social media policies and what employers can and cannot restrict workers from doing online. More details inside.

Auditing in the Clouds, Coming Down to Earth

July 12, 2011

The move to cloud services continues to accelerate, but the shift is more than just a change in technological platforms. It fundamentally alters the way business and IT systems function. Inside, Columnist José Tabuena looks at the many challenges the cloud creates for internal audit, including a lack of security standards, and finds that no way currently exists to audit the cloud in a consistent manner.

Data Breach at Security Firm Could Make Others Vulnerable

June 21, 2011

After computer hackers launched an attack on RSA, a computer security firm, they may have made off with data that could be used to help gain access to systems at other companies. The strike highlights the sophistication of such attackers and the lengths to which they will go to infiltrate companies' systems. More details inside.

White House, FTC Call for Data Security Legislation

June 07, 2011

The Federal Trade Commission is pushing Congress to enact legislation on data security and on informing customers of a data breach. The FTC wants to bring the law into line with current enforcement policies, mainly that companies need to implement "reasonable" security procedures. A federal law would mean that the FTC could impose civil penalties without first getting a settlement agreement.

High-Profile Data Breaches Raise Security Alerts

May 03, 2011

The data breach at Sony, which compromised the personal information of as many as 77 million users, is just the latest in a string of attacks on corporate databases. Even before that breach, Treasury officials were urging companies, especially those in the financial sector, to conduct periodic risk assessments of their information security programs and to institute other safeguards. Details inside.

Google Settles Landmark Data Privacy Case

April 26, 2011

In a first-of-its-kind settlement, Google has agreed to establish a comprehensive privacy program after running afoul of safe-harbor rules that govern the collection and use of consumer information. "This is the most far-reaching, broadest FTC action on privacy to date," says Sharon Goott Nissim, consumer privacy counsel at the Electronic Privacy Information Center.

Most Companies Not Erasing Sensitive Data

November 16, 2010

Most businesses don't properly erase sensitive data from old computers and hard drives, leaving them highly susceptible to data breaches, according to a survey by Kroll Ontrack. Only 49 percent of more than 1,500 respondents polled worldwide say their businesses are systematically deploying a data eraser method. Among that group, 75...

Must-Read: Major HIPAA Changes Out for Comment

July 09, 2010

Healthcare compliance officers take note: Sweeping changes to the privacy rules under the Health Insurance Portability and Accountability Act are out for comment. The Department of Health and Human Services has published proposed rulemaking that will significantly modify the HIPAA Privacy, Security, and Enforcement Rules. The proposals are out for a...

Commerce Department Seeks Comment on Privacy Laws

May 03, 2010

Anyone dealing with domestic and global privacy laws take note: The Department of Commerce is seeking public comment on issues related to domestic and global privacy policies as part of a broad review of how those policies impact innovation in the information economy and on whether current laws serve consumer...

Poll: Gap Between Intent & Outcome in Data Protection

April 28, 2010

While high-profile security breaches and the legal and reputational risks that come with them have made protecting personal data a critical area for companies, they may not be doing as well as they think in that department. According to a study by Accenture and The Ponemon Institute, there's a huge difference between...

Ruling a Reminder to Update E-Communication Policies

April 15, 2010

Companies may want to tighten up their electronic communications policies in light of a recent court ruling. Affirming an appellate decision, the New Jersey Supreme Court ruled unanimously in Stengart v. Loving Care Agency Inc. that attorney-client privilege applied to e-mails sent by an employee using a company-issued laptop to her lawyer...

German Staff Snooping Law Makes Compliance Tougher

September 01, 2009

A new data protection law in Germany will make it harder for companies to implement anti-fraud and corruption controls that involve monitoring employees, according to law firm Clifford Chance. The amendment to the existing Federal Data Protection Act (known in German as the BDSG) follows a series of scandals in which...

HIPAA HITECH Breach Notification Rule Posted

August 24, 2009

Health care providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act take note: The U.S. Department of Health and Human Services has issued new rules requiring those entities to notify individuals when their health information is breached. The "breach notification" regulations implement provisions of the...

Heads Up: Mass. Eases & Delays Data Security Regs Again

February 13, 2009

Welcome news for companies that maintain personal information of Massachusetts residents: The state's Office of Consumer Affairs and Business Regulation has once again eased and delayed new identity theft regulations that require companies to encrypt personal information stored on portable devices or transmitted wirelessly or on public networks. The latest delay,...
