Until now, the data security provisions of the Health Insurance Portability and Accountability Act received scant attention from regulators, particularly compared to enforcement activity for other federal information security mandates like the Sarbanes-Oxley Act or the Gramm-Leach-Bliley Act. That is beginning to change, as federal regulators complete their first HIPAA security audit and prepare to […]
Data Privacy
Ethics Online: What A Good Internet Policy Looks Like
OK, compliance and ethics directors: what would you do if your e-mail monitoring system uncovered a romantic relationship between two employees? Or what would you do if you discovered an employee was using his office computer to post corporate information—though completely banal—on his personal blog? E-mail and Internet usage—not to mention newer technologies such as blogs […]
Effective Access Control: Communication, Simplicity
The need for a fancy identity-management system to control access to IT systems depends on how big and complex you are and how much pain your company can take. Linda DiPaola, with less than 500 employees to track, does just fine without any system at all. DiPaola, director of internal audit at Empire Resorts, a […]
Finally: German Whistleblower Guidelines Released
Nearly two years after a German court ruled that Wal-Mart’s proposed whistleblower process violated German law, creating headaches for U.S. multinationals trying to implement whistleblower systems to comply with Sarbanes-Oxley, Germany has finally published its own set of guidelines for companies to impose such systems without violating local laws. Since the Wal-Mart case and two […]
Privacy And Data Protection Risks
As technology proliferates, the amount of personal information collected, used, stored, transferred, and disposed of by organizations increases. In turn, the risk that data will be breached at some point along the information lifecycle increases. Over the past few years, several laws and regulations have been enacted to encourage organizations to address these risks. Business Drivers […]
Battling The Wide World Of Data Breaches
There is no “typical” data breach and, unfortunately, no simple set of steps exists to secure an organization’s critical information, according to a study of 345 U.S. data breaches reported in the year ended April 1. But companies that pay attention to technology, process and people—“the proverbial whole matrix of security,” as Howard Schmidt, […]
Exclusive: What Makes Transparency Sustainable?
Below is an excerpt from “Full Disclosure: The Perils and Promise of Transparency,” published this spring by Cambridge University Press. By special arrangement, the authors—Archon Fung and Mary Graham of the Kennedy School of Government, and David Weil of the Boston University School of Management—have allowed Compliance Week to publish an excerpt on what makes […]
Data Breaches And SOX: Where Your Worries Are
In January, retailer TJX Cos. joined the long list of businesses tarred and embarrassed by losing sensitive customer information. One mildly consoling thought for compliance executives: loss of customer data doesn’t really harm the integrity of financial statements, so a breach doesn’t necessarily plunge you into Sarbanes-Oxley difficulties. Or does it? Actually, experts say, breaches […]
General Counsel Of Iron Mountain On ERM
In the latest of our occasional Q&As with governance and compliance executives, we talk to Garry Watzke, general counsel at $2 billion Iron Mountain. How big is your compliance staff? What are its main responsibilities? I have a director of compliance responsible for the front-line work on compliance; the […]
