Most businesses don’t properly erase sensitive data from old computers and hard drives, leaving them highly susceptible to data breaches, according to a survey by Kroll Ontrack. Only 49 percent of more than 1,500 respondents polled worldwide say their businesses are systematically deploying a data eraser method. Among that group, 75 percent don’t delete data […]
Data Privacy
Weighing Risks, Benefits of Cloud Computing and SaaS
As cloud computing and software-as-a-service increase in popularity, concerns are growing over the control and security issues that come with adoption of the technologies. Two recent reports offer fresh insight into how companies are adapting to cloud computing and software-as-a-service, commonly known as “SaaS.” Overall, the reports show companies increasingly realize the benefits of such […]
How to Avoid a Data Breach Disaster
A few years ago, a laptop containing encrypted information was stolen from the apartment of an employee at Canandaigua National Bank & Trust, creating a potentially large breach of sensitive customer information. When Canandaigua management heard about the theft, the company’s 14-member security team conducted a breach assessment and came up with a disaster recovery […]
SAS 70 Reports, in Harsh Spotlight Again
A recent analyst report is reminding the compliance community yet again that so-called SAS 70 reports—the supposedly formal assurances software vendors give to corporate customers about their own internal controls—should be viewed with a skeptical eye. Analysts Jay Heiser and French Caldwell, both research vice presidents at Gartner, say some vendors (and even some of […]
Must-Read: Major HIPAA Changes Out for Comment
Healthcare compliance officers take note: Sweeping changes to the privacy rules under the Health Insurance Portability and Accountability Act are out for comment. The Department of Health and Human Services has published proposed rulemaking that will significantly modify the HIPAA Privacy, Security, and Enforcement Rules. The proposals are out for a 60-day comment period after […]
Study Finds Gap in Privacy Expectations, Delivery
Corporations are still failing to deliver on efforts to tighten up information security and consumer privacy, despite all the bad publicity and legal risks that they—and everyone else—are already painfully aware of, according to a new study on the problem. The report, conducted by Accenture and the Ponemon Institute, surveyed 5,500 business leaders to see […]
Commerce Department Seeks Comment on Privacy Laws
Anyone dealing with domestic and global privacy laws take note: The Department of Commerce is seeking public comment on issues related to domestic and global privacy policies as part of a broad review of how those policies impact innovation in the information economy and on whether current laws serve consumer interests. Among other things, the […]
Poll: Gap Between Intent & Outcome in Data Protection
While high-profile security breaches and the legal and reputational risks that come with them have made protecting personal data a critical area for companies, they may not be doing as well as they think in that department. According to a study by Accenture and The Ponemon Institute, there’s a huge difference between organizations’ intentions regarding data […]
Ruling a Reminder to Update E-Communication Policies
Companies may want to tighten up their electronic communications policies in light of a recent court ruling. Affirming an appellate decision, the New Jersey Supreme Court ruled unanimously in Stengart v. Loving Care Agency Inc. that attorney-client privilege applied to e-mails sent by an employee using a company-issued laptop to her lawyer through a personal […]
Four Steps to Better Privacy Compliance
The floodgates of guidance about Massachusetts’ new data privacy regulations are officially open. The new rules, bureaucratically known as 201 CMR 17.00, took effect March 1 and are widely considered to be the toughest privacy standard in the nation. They apply to any company that “owns or licenses” personal information—whether stored in electronic or paper […]
