For Affiliated Computer Services, a Dallas-based IT and business-process outsourcing firm that does business in 100 countries, identity management had become not only a compliance concern by 2008—it was a business risk and productivity drain as well. Many of ACS’s 74,000 employees work in jobs known for high turnover, such as handling calls for major […]
Data Privacy
Posted inData Privacy
Updating PCI Compliance to Thwart Breaches
Breaches of consumers’ personal information are quickly becoming one of the biggest operational risks facing any business conducting electronic commerce. How big? The Federal Trade Commission estimates that breaches of “PCI” hit 9 million Americans and cost about $52 billion—annually. With so many PCI security breaches making headlines, you can’t help but question how effective […]
Posted inInternal Controls
Study: Cos. Still Lagging on Records Management
A new study of corporations’ records management programs paints a troubling picture of companies still struggling to keep pace with the huge compliance demands piling onto them, despite the strides made in the last several years. The study, the 2009 Iron Mountain Compliance Benchmark Report, surveyed more than 2,500 enterprises in the public, private, government, […]
Posted inData Privacy
Data Privacy Practices Explored
A consensus is emerging among regulators that companies’ efforts to protect the consumer data they collect need a serious overhaul to keep pace with today’s changing technology landscape. The agency taking point on the issue is the Federal Trade Commission, which has begun a series of public forums to explore privacy challenges posed by modern […]
Posted inData Privacy
Monitoring Controls a Top Priority in 2010
As Corporate America settles into 2010, it may want to put stronger monitoring controls on its list of things to do this year. In an increasingly complex global operating environment, automated monitoring controls—that is, a system that continuously monitors a business process and automatically flags any deviation from the norm—can help to drive down costs, […]
Posted inData Privacy
Congress Works to Revamp Privacy Laws
You may need to squint to see it, but amid all the legislative fireworks over healthcare and financial regulation, Congress is also finally taking some substantive steps to overhaul the country’s tangled mess of data privacy laws. As 2009 drew to a close, the House passed a bill that would set a federal standard for […]
Posted inInternal Controls
Constructing a Privacy-Risk Assessment
At the request of subscribers, Compliance Week offers a Remediation Center, in which readers can submit questions—anonymously—to securities and accounting experts. Compliance Week’s editors will review all questions and then submit them—confidentially, of course—to specialists who can address the issues. The questions and responses will then be reprinted in a future edition of Compliance Week. […]
Posted inEthics & Culture
How Companies Are Coping With Social Media
While the use of online social media sites such as Facebook, Twitter, and YouTube has exploded, the adoption of policies governing the use of those tools by the workforce is still lagging. That’s according to a recent survey of nearly 800 compliance and ethics professionals conducted by the Society of Corporate Compliance & Ethics and […]
Posted inData Privacy
German Staff Snooping Law Makes Compliance Tougher
A new data protection law in Germany will make it harder for companies to implement anti-fraud and corruption controls that involve monitoring employees, according to law firm Clifford Chance. The amendment to the existing Federal Data Protection Act (known in German as the BDSG) follows a series of scandals in which high-profile German companies were […]
Posted inData Privacy
HIPAA HITECH Breach Notification Rule Posted
Health care providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act take note: The U.S. Department of Health and Human Services has issued new rules requiring those entities to notify individuals when their health information is breached. The “breach notification” regulations implement provisions of the Health Information Technology for […]
