The need for a fancy identity-management system to control access to IT systems depends on how big and complex you are and how much pain your company can take. Linda DiPaola, with less than 500 employees to track, does just fine without any system at all. DiPaola, director of internal audit at Empire Resorts, a […]
Data Privacy
Posted inData Privacy
Finally: German Whistleblower Guidelines Released
Nearly two years after a German court ruled that Wal-Mart’s proposed whistleblower process violated German law, creating headaches for U.S. multinationals trying to implement whistleblower systems to comply with Sarbanes-Oxley, Germany has finally published its own set of guidelines for companies to impose such systems without violating local laws. Since the Wal-Mart case and two […]
Posted inData Privacy
Finally: German Whistleblower Guidelines Released
Nearly two years after a German court ruled that Wal-Mart’s proposed whistleblower process violated German law, creating headaches for U.S. multinationals trying to implement whistleblower systems to comply with Sarbanes-Oxley, Germany has finally published its own set of guidelines for companies to impose such systems without violating local laws. Since the Wal-Mart case and two […]
Posted inData Privacy
Privacy And Data Protection Risks
As technology proliferates, the amount of personal information collected, used, stored, transferred, and disposed by organizations increases. In turn, the risk that data will be breached at some point along the information lifecycle increases. Over the past few years, several laws and regulations have been enacted to encourage organizations to address these risks. Business Drivers […]
Posted inData Privacy
Battling The Wide World Of Data Breaches
There is no “typical” data breach and, unfortunately, no simple set of steps exists to secure an organization’s critical information, according to a study of 345 U.S. data breaches reported in the year ended April 1. Schmidt But companies that pay attention to technology, process and people—“the proverbial whole matrix of security,” as Howard Schmidt, […]
Posted inData Privacy
Exclusive: What Makes Transparency Sustainable?
Below is an excerpt from “Full Disclosure: The Perils and Promise of Transparency,” published this spring by Cambridge University Press. By special arrangement, the authors—Archon Fung and Mary Graham of the Kennedy School of Government, and David Weil of the Boston University School of Management—have allowed Compliance Week to publish an excerpt on what makes […]
Posted inInternal Controls
Data Breaches And SOX: Where Your Worries Are
In January, retailer TJX Cos. joined the long list of businesses tarred and embarrassed by losing sensitive customer information. One mildly consoling thought for compliance executives: loss of customer data doesn’t really harm the integrity of financial statements, so a breach doesn’t necessarily plunge you into Sarbanes-Oxley difficulties. Or does it? Actually, experts say, breaches […]
Posted inData Privacy
General Counsel Of Iron Mountain On ERM
In the latest of our occasional Q&As with governance and compliance executives, we talk to Garry Watzke, general counsel at $2 billion Iron Mountain. Click here for other recent conversations. How big is your compliance staff? What are its main responsibilities? I have a director of compliance responsible for the front-line work on compliance; the […]
Posted inData Privacy
Taking A Holistic View Of Risk And Privacy
Companies looking to purchase technology to assist in compliance efforts increasingly are turning to systems that allow them to implement controls for both governance and privacy regulations. “Customers are more mature,” says Ron Ben-Natan, chief technology officer of Guardium, a database monitoring and security company. Customers know not to treat each regulation with standalone initiatives, […]
Posted inData Privacy
Using Technology To Build Your GRC System
This month, Compliance Week and the Open Compliance and Ethics Group present the third installment of our regular series, “GRC Illustrated.” The interactive series—which features visual representations of key governance, risk, and compliance initiatives—is intended to help readers understand how to put principles into practice (Click here for information on the series). In this month’s […]
