While high-profile security breaches and the legal and reputational risks that come with them have made protecting personal data a critical area for companies, they may not be doing as well as they think in that department. According to a study by Accenture and The Ponemon Institute, there’s a huge difference between organizations’ intentions regarding data […]
Data Privacy
Ruling a Reminder to Update E-Communication Policies
Companies may want to tighten up their electronic communications policies in light of a recent court ruling. Affirming an appellate decision, the New Jersey Supreme Court ruled unanimously in Stengart v. Loving Care Agency Inc. that attorney-client privilege applied to e-mails sent by an employee using a company-issued laptop to her lawyer through a personal […]
Four Steps to Better Privacy Compliance
The floodgates of guidance about Massachusetts’ new data privacy regulations are officially open. The new rules, bureaucratically known as 201 CMR 17.00, took effect March 1 and are widely considered to be the toughest privacy standard in the nation. They apply to any company that “owns or licenses” personal information—whether stored in electronic or paper […]
Two Reviews of GRC Software Implementations
Plenty of companies still use Microsoft software or homegrown IT solutions to manage their governance, risk, and compliance efforts, but a respectable fraction have also tried to implement dedicated, enterprise-wide GRC software systems to consolidate the management of multiple regulatory compliance burdens under one IT roof. Compliance Week recently spoke with executives at two companies […]
Massachusetts’ Tough Privacy Law Takes Effect
Corporate compliance, legal, and IT officers entered a brave new world last week, when Massachusetts’ strict new data privacy law finally went into effect. The law, bureaucratically known as 201 CMR 17.00, took hold on March 1 after a year of delays to quell anxiety among corporations that the specific details of implementation were vague, […]
Case Study: ACS Conquers Identity Management
For Affiliated Computer Services, a Dallas-based IT and business-process outsourcing firm that does business in 100 countries, identity management had become not only a compliance concern by 2008—it was a business risk and productivity drain as well. Many of ACS’s 74,000 employees work in jobs known for high turnover, such as handling calls for major […]
Updating PCI Compliance to Thwart Breaches
Breaches of consumers’ personal information are quickly becoming one of the biggest operational risks facing any business conducting electronic commerce. How big? The Federal Trade Commission estimates that breaches of “PCI” hit 9 million Americans and cost about $52 billion—annually. With so many PCI security breaches making headlines, you can’t help but question how effective […]
Study: Cos. Still Lagging on Records Management
A new study of corporations’ records management programs paints a troubling picture of companies still struggling to keep pace with the huge compliance demands piling onto them, despite the strides made in the last several years. The study, the 2009 Iron Mountain Compliance Benchmark Report, surveyed more than 2,500 enterprises in the public, private, government, […]
Data Privacy Practices Explored
A consensus is emerging among regulators that companies’ efforts to protect the consumer data they collect need a serious overhaul to keep pace with today’s changing technology landscape. The agency taking point on the issue is the Federal Trade Commission, which has begun a series of public forums to explore privacy challenges posed by modern […]
Monitoring Controls a Top Priority in 2010
As Corporate America settles into 2010, it may want to put stronger monitoring controls on its list of things to do this year. In an increasingly complex global operating environment, automated monitoring controls—that is, a system that continuously monitors a business process and automatically flags any deviation from the norm—can help to drive down costs, […]


