The proliferation of artificial intelligence technologies—and their reliance on publicly available data—has reinforced the need for tech developers and the companies using their solutions to ensure privacy by design and by default is at the crux of any offering.
Cybersecurity
Posted inRegulatory Enforcement
Change Healthcare facing HHS probe following crippling cyberattack
Change Healthcare, a health payment processor hit by a crippling cyberattack in February, is under investigation by the Department of Health and Human Services’ Office for Civil Rights.
Posted inRisk Management
U.S. banking regs mulling enhanced operational resiliency frameworks
Acting Comptroller of the Currency Michael Hsu said federal banking agencies are considering enhancements to their operational resiliency requirements for member banks.
Posted inRisk Management
New Zealand banks to report material cyber incidents within 72 hours
The Reserve Bank of New Zealand added new reporting requirements for its member banks to follow if they suffer a material cyber incident and for all types of cyberattacks.
Posted inEurope
Italian DPA fines UniCredit $3M over data breach GDPR lapses
The Italian data protection authority announced a fine of €2.8 million (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation regarding insufficient security measures the bank had in place during a cyberattack.
Posted inData Privacy
Biden executive order to target commercial data broker activities
A new executive order seeks to put clamps on the sale of Americans’ personal data by data brokers and other companies to certain countries found to be of national security concern.
Posted inEthics & Culture
CW National 2024 preview: Diana Kelley on AI implications for compliance
Artificial intelligence expert Diana Kelley will discuss what AI means for organizations and explore the technology’s implications for compliance and enterprise risk as part of a keynote address at Compliance Week’s National Conference in Washington, D.C.
Posted inRegulatory Enforcement
DOJ official: Expect more cybersecurity false claim enforcements
The announcement of a record year in several areas of False Claims Act enforcement at the Department of Justice was accompanied by a warning that more significant cases are coming, particularly regarding cybersecurity-related claims.
Posted inEurope
Toeing the ‘fine line’ of cloud security compliance
When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.
Posted inRegulatory Enforcement
Montefiore Medical Center to pay $4.8M over employee’s data theft
Montefiore Medical Center agreed to pay $4.75 million to settle allegations by the Department of Health and Human Services’ Office for Civil Rights that failures by the New York City nonprofit facility allowed an employee to steal and sell patient information for six months.
