If you spend any time eavesdropping on your CIO’s conversations these days, you’re likely to hear him or her talk about “virtualization.” As technology goes, virtualization is a nifty idea: software programs out on the Internet somewhere serving the same function as hardware typically housed in your company’s data center. It travels under multiple names—cloud […]
Data Privacy
Posted inInternal Controls
Amid Anxiety, Red Flag Rules Take Effect
The Federal Trade Commission’s compliance deadline for its so-called Red Flag Rules has finally arrived, requiring banks and other creditors to have written programs in place to find, stop, and mitigate theft of consumers’ personal data. The rules formally go into effect Aug. 1, after a three-month extension to give companies more time to find […]
Posted inData Privacy
Mass. Data Privacy Law Still in Flux
Compliance executives across the nation are increasingly worried that Massachusetts’ troublesome new data privacy law, scheduled to go into effect at the start of 2010, is still a cauldron of unanswered compliance questions. The law—now embodied as state regulation 201 CMR 17.00—is far more rigorous than any other data privacy rule in the country. It […]
Posted inData Privacy
State Secrets, Business Information in China
The broad contours of the dispute between mining conglomerate Rio Tinto and the Chinese government—hardball business tactics, espionage charges, four Rio employees under arrest—are enough to leave any compliance officer unsettled. The spat itself is likely to be settled via quiet diplomacy between China, Australia (Rio Tinto’s home country), and Rio’s boardroom. But compliance officers […]
Posted inData Privacy
FTC Decision Jolts Collection of Customer Data
A proposed settlement between the Federal Trade Commission and Sears Holdings Corp. could portend a new wave of enforcement actions against companies that deceptively collect consumer information. The settlement raps Sears Holdings—which owns both Sears and K-Mart—for enticing visitors to the stores’ Websites to enroll in a special “My SHC Community” program where they downloaded […]
Posted inData Privacy
Cloud Computing Vs. Internal Controls
John Bace, a research analyst at the Gartner Group, had just finished a presentation for a corporate client. Discussion shifted to the company’s data storage, and the client’s CIO mentioned he planned on moving much of that data to “the cloud.” The general counsel looked across the table and asked him what he meant. He […]
Posted inData Privacy
A Comprehensive Approach to Compliance Risks
Frank Lopez’s recent Compliance Week guest column, “Tips for Mitigating Whistleblower Risk,” (March 3, 2009) provided a good overview of whistleblower policy, as well as some excellent suggestions for improving the anonymous hotline reporting process overall. It also got me thinking about the importance of moving beyond the hotline, and beyond business-as-usual reporting on risk- […]
Posted inEthics & Culture
Whistleblower Policy a Necessity During Weak Economy
Tips, strategies, and frustrations about how to manage compliance programs more effectively were the dominant theme at Compliance Week 2009, as corporate compliance officers everywhere voiced concerns about the increasing risks their departments must manage—with ever-tighter budgets. The bad economy is a risk in its own right, according to Cynthia Jackson, a partner in the […]
Posted inInternal Controls
Managing IT Controls for SOX Compliance
The Sarbanes-Oxley Act is considered by many to be the road to redemption for the past sins of Enron, WorldCom, and other corporate players who subverted the rules of business by using financial engineering to inflate the performance of their businesses. Advocates for SOX consider this legislation an approach to ensure corporate responsibility for financial […]
Posted inData Privacy
FTC Looks to Revise Media Advertising
The Federal Trade Commission is issuing a strong warning to advertisers: Learn how to self-regulate, or we’ll establish regulations for you. The FTC is working to update its “Guide Concerning the Use of Endorsements and Testimonials in Advertising,” which hasn’t been revised in nearly 30 years and lags far behind marketing in the Internet age. […]
