Posted in Data Privacy

HIPAA HITECH Breach Notification Rule Posted

Health care providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act take note: The U.S. Department of Health and Human Services has issued new rules requiring those entities to notify individuals when their health information is breached. The “breach notification” regulations implement provisions of the Health Information Technology for […]

Posted in Data Privacy

Developing a Matrix for Cloud-Computing Compliance

If you spend any time eavesdropping on your CIO’s conversations these days, you’re likely to hear him or her talk about “virtualization.” As technology goes, virtualization is a nifty idea: software programs out on the Internet somewhere serving the same function as hardware typically housed in your company’s data center. It travels under multiple names—cloud […]

Posted in Data Privacy

Mass. Data Privacy Law Still in Flux

Compliance executives across the nation are increasingly worried that Massachusetts’ troublesome new data privacy law, scheduled to go into effect at the start of 2010, is still a cauldron of unanswered compliance questions. The law—now embodied as state regulation 201 CMR 17.00—is far more rigorous than any other data privacy rule in the country. It […]

Posted in Data Privacy

State Secrets, Business Information in China

The broad contours of the dispute between mining conglomerate Rio Tinto and the Chinese government—hardball business tactics, espionage charges, four Rio employees under arrest—are enough to leave any compliance officer unsettled. The spat itself is likely to be settled via quiet diplomacy between China, Australia (Rio Tinto’s home country), and Rio’s boardroom. But compliance officers […]

Posted in Data Privacy

FTC Decision Jolts Collection of Customer Data

A proposed settlement between the Federal Trade Commission and Sears Holdings Corp. could portend a new wave of enforcement actions against companies that deceptively collect consumer information. The settlement raps Sears Holdings—which owns both Sears and K-Mart—for enticing visitors to the stores’ Websites to enroll in a special “My SHC Community” program where they downloaded […]

Posted in Data Privacy

Cloud Computing Vs. Internal Controls

John Bace, a research analyst at the Gartner Group, had just finished a presentation for a corporate client. Discussion shifted to the company’s data storage, and the client’s CIO mentioned he planned on moving much of that data to “the cloud.” The general counsel looked across the table and asked him what he meant. He […]

Posted in Data Privacy

A Comprehensive Approach to Compliance Risks

Frank Lopez’s recent Compliance Week guest column, “Tips for Mitigating Whistleblower Risk,” (March 3, 2009) provided a good overview of whistleblower policy, as well as some excellent suggestions for improving the anonymous hotline reporting process overall. It also got me thinking about the importance of moving beyond the hotline, and beyond business-as-usual reporting on risk- […]

Posted in Ethics & Culture

Whistleblower Policy a Necessity During Weak Economy

Tips, strategies, and frustrations about how to manage compliance programs more effectively were the dominant theme at Compliance Week 2009, as corporate compliance officers everywhere voiced concerns about the increasing risks their departments must manage—with ever-tighter budgets. The bad economy is a risk in its own right, according to Cynthia Jackson, a partner in the […]
