Data Privacy

Image: The Obama Administration is considering new cyber-security guidance that would effectively impose stringent new reporting obligations on government contractors. That means more due diligence on third parties, and a review of contract language to see who is responsible for what. “[E]verybody is going to need to get their cyber-house in order and be attentive to these requirements,” says Phillip Seckman, a partner with law firm Dentons.

The Association of Corporate Counsel (ACC), a global legal association representing 40,000 in-house counsel in 90 countries, last week announced the launch of a new practice area committee. The ACC Information Governance Committee will foster engagement and collaboration on corporate legal departments’ role in data protection and collection, discovery procedures and records retention issues. More inside.

Accellion, a provider of private cloud solutions for secure file sharing and collaboration that ensure data security and compliance, recently announced that it has added new security and governance capabilities to its kiteworks secure content platform. Accellion’s kiteworks governance package is designed to assist enterprise organizations in demonstrating compliance with legal and regulatory demands. More inside.

Image: As data privacy laws proliferate, they are creating a web that traps how corporations use personal data in their operations. The challenge for compliance officers: how to play a more strategic role and ensure your business doesn’t get stuck. “The inclusion of the CCO function in defining controls related to things like cloud computing has yet to hit maturity,” says Marie Blake, chief compliance officer at BankUnited.

Another byproduct of life in the cyber-security age: The SEC is redefining insider trading to focus more on improper trading, even if you are a thief mining a company for inside information without actually working there. The misconduct—called, yes, “outsider trading”—seems to be an SEC-enforceable offense so far, and it has numerous implications for IT security systems. Inside, guest columnist John Reed Stark takes a closer look at the phenomenon.

Image: Gone are the days when “access control” meant locking your door or filing cabinet. Now compliance, IT, and audit teams must collaborate on controls to access networks rather than physical stores of information. Inside, we look at three best practices to design strong access control and at how to incorporate business reality. “If [you] don’t understand how the business works, all bets are off,” says Brian Barnier of ISACA.

Mimecast has announced two new measures designed to protect against spear-phishing. The first measure, Attachment Protect, and user awareness enhancements reduce the threat from malware-laden attachments and help IT teams improve employee security awareness. The second measure, Mimecast Targeted Threat Protection – URL Protect, give customers a comprehensive line of defense against the key technical and human risks from spear-phishing in one cloud-based service. Details inside.

By now every compliance officer has already heard the warning that it’s a matter of when you suffer a cyber-security breach, not if. Then comes compliance with breach disclosure rules—and those demands are becoming as perplexing as the cyber-threat itself. Overwhelmed, compliance officers are seeking ways to navigate these demands and, if possible, consolidate and simplify the training, policies, and internal controls they affect.

Law firm Akerman this week announced the launch of its newly created Data Law Practice, and the expansion of the firm’s varied services in the increasingly business critical areas of information governance, e-discovery, and data privacy and security. Details inside.