Data Privacy

Image: This week European officials agreed to a final text for a sweeping new data protection law. Compliance officers in the United States should brace themselves: not only does the legislation threaten huge fines and complicate corporate marketing efforts enormously; it underlines the fundamentally differing views Europeans and Americans have on privacy. Good luck, editor Matt Kelly says, building a compliance program across that gap.

Cordium, a global provider of compliance consulting, accounting, tax and software to the financial services industry, has launched a cyber-security training video to help firms protect against breaches.

Penetration testing is the exercise of testing a company’s cyber-security defenses, and finding the right “pen tester” to do that can be difficult. Learn how to find the right blend of capable, trustworthy, and innovative cyber-security professionals. More inside.

As more cloud storage providers evolve from consumer-based products to enterprise-grade services, compliance challenges are evolving along with them. Before entering into a service contract, companies must determine whether their data will be safe and all is in compliance with a growing list of regulations and security frameworks. The added challenge: vetting vendor assurances and not taking self-certifications for granted. More inside.

Regulators often say they want “reasonable” precautions when spelling out expectations on cyber-security. But with a plethora of guidance and frameworks to consider, what does that mean—and does “reasonable” depend on industry and company size? A small summit meeting of cyber-security voices debated that question in Boston recently; we have their insights and advice inside.

At its business leaders conference last month, SAS announced the launch of two new products: SAS Stress Testing solution suite and SAS CyberSecurity. Details inside.

BrandProtect, a provider of cyber-threat detection and risk mitigation solutions, this week unveiled threatSMART, the latest generation of its comprehensive suite of enterprise cyber-security services. threatSMART combines comprehensive, automated external cyber-threat monitoring, advanced analysis by the BrandProtect team of military-grade threat analysts, powerful new reporting, and numerous other usability and performance improvements like multi-language support.

An investment adviser firm in St. Louis has become the (painful) test subject for the SEC’s attitude on cyber-security matters. The case, observers say, is a warning that the agency is moving away from guidance and toward enforcement. So what will the SEC consider to be “reasonable” security efforts? Will cyber-security disclosures come under greater scrutiny? And in the forest of regulatory guidance and proclamations, which are most important?

Image: Three weeks after Europe’s top court demolished the 15-year-old Safe Harbor Program to transfer personal data from Europe to the United States, thousands of U.S. companies that used the program are still scrambling to fill data privacy gaps. “To lean back and see how things play out is not productive; you’ve got to be proactive,” says Pedro Pavón, senior corporate counsel at Oracle. Inside, a look at what options you have now.

Ethics and compliance software and services provider NAVEX Global and risk management company Ridge Global recently announced a partnership that will initially focus on delivering online training courseware to help companies educate their workforces on the growing risks associated with cyber-security and arm them with the tools they need to better protect their organizations. More inside.