In a move expected to clear a path for companies seeking to implement whistleblower systems in France that will comply with both the Sarbanes-Oxley Act and French data protection laws, the French Data Protection Agency has set up a means to let companies get the required approval of their systems online. As expected, the Commission […]
Data Privacy
FTC Enforcement Raises Questions On Data Security
The Federal Trade Commission seems to be stepping up enforcement activity against companies that don’t safeguard customer data, and has heightened expectations for how that data must be protected. Until recently, the FTC only targeted companies that had broken promises they had made regarding data security, notes Deborah Birnbach, a partner with the law firm […]
MIT Researcher Talks IT Risk And Impact On Enterprise
Companies engaged in risk assessments typically review financial and operational risks, sometimes at the expense of technical risks. We recently tracked down and spoke with Dr. George Westerman—a researcher at the Center for Information Systems Research at MIT’s Sloan School of Business—to hear about his research into IT risk and effective risk management practices. An […]
Companies Deal With New Data Security Regulations
In today’s corporate digital world, where paranoia over data security abounds, at least one business believes in the value of getting inside a person’s head—and it may be onto something. First Financial Credit Union, serving 70,000 members in California, falls under data-security regulations mandated by the Gramm-Leach-Bliley Act. Also known as the Financial Modernization Act, […]
Email Security Poses IT And Compliance Obstacles
In the world of compliance, securing email is a lot like sex: everybody does it, few discuss it, and none really know whether their technique is quite right. By comparison, many other compliance challenges pose relatively simple obstacles for IT staff. A finance application, for example, can be sealed off from workers without proper access […]
Compliance From Below: Cos. Enforce Own Standards
When Congress passes laws like the Sarbanes-Oxley Act, companies have little choice but to comply, even if the regulations impose significant incremental business costs. Legislators legislate—those affected must go along or face sanctions. The only saving grace is the fact that the legislative process provides an opportunity for companies to lobby on behalf of their […]
Q&A With Chief Compliance Officer At $1.9b Scotts Co.
This profile is the latest in a series of weekly conversations with executives at U.S. public companies who are currently involved in establishing and developing compliance programs. An index of previous conversations is available here. So, is it true that you once showed Scotts’ chief executive pictures of other CEOs doing the perp walk for […]
Compliance Committees Vary In Scope, Structure
As regulatory compliance increases in complexity, many companies are assembling committees to coordinate and oversee such efforts. COMMITTEE EXAMPLES Below are examples of several compliance committees at public companies, including their structure, membership and function: Altria Corporation Committee Structure: The parent company committee has about 30 members, including the CCO of each operating company, the […]
