Posted in Internal Controls

Constructing a Privacy-Risk Assessment

At the request of subscribers, Compliance Week offers a Remediation Center, in which readers can submit questions—anonymously—to securities and accounting experts. Compliance Week’s editors will review all questions and then submit them—confidentially, of course—to specialists who can address the issues. The questions and responses will then be reprinted in a future edition of Compliance Week. […]

Posted in Data Privacy

HIPAA HITECH Breach Notification Rule Posted

Health care providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act take note: The U.S. Department of Health and Human Services has issued new rules requiring those entities to notify individuals when their health information is breached. The “breach notification” regulations implement provisions of the Health Information Technology for […]

Posted in Data Privacy

Developing a Matrix for Cloud-Computing Compliance

If you spend any time eavesdropping on your CIO’s conversations these days, you’re likely to hear him or her talk about “virtualization.” As technology goes, virtualization is a nifty idea: software programs out on the Internet somewhere serving the same function as hardware typically housed in your company’s data center. It travels under multiple names—cloud […]

Posted in Data Privacy

Mass. Data Privacy Law Still in Flux

Compliance executives across the nation are increasingly worried that Massachusetts’ troublesome new data privacy law, scheduled to go into effect at the start of 2010, is still a cauldron of unanswered compliance questions. The law—now embodied as state regulation 201 CMR 17.00—is far more rigorous than any other data privacy rule in the country. It […]

Posted in Data Privacy

State Secrets, Business Information in China

The broad contours of the dispute between mining conglomerate Rio Tinto and the Chinese government—hardball business tactics, espionage charges, four Rio employees under arrest—are enough to leave any compliance officer unsettled. The spat itself is likely to be settled via quiet diplomacy between China, Australia (Rio Tinto’s home country), and Rio’s boardroom. But compliance officers […]

Posted in Data Privacy

FTC Decision Jolts Collection of Customer Data

A proposed settlement between the Federal Trade Commission and Sears Holdings Corp. could portend a new wave of enforcement actions against companies that deceptively collect consumer information. The settlement raps Sears Holdings—which owns both Sears and K-Mart—for enticing visitors to the stores’ Websites to enroll in a special “My SHC Community” program where they downloaded […]

Posted in Data Privacy

Cloud Computing Vs. Internal Controls

John Bace, a research analyst at the Gartner Group, had just finished a presentation for a corporate client. Discussion shifted to the company’s data storage, and the client’s CIO mentioned he planned on moving much of that data to “the cloud.” The general counsel looked across the table and asked him what he meant. He […]
