All Data Privacy articles – Page 4
-
ArticleEU-U.S. Privacy Shield passes: Now what?
For any U.S. company that collects and handles data on EU citizens, the time to review privacy policies, practices and contracts with service providers and customers is now. Jaclyn Jaeger has more.
-
Article
In cyber-security, the real enemy strikes from within
While organizations are trying to understand their cyber-risk and how best to address it, focusing on external threats can overlook an even greater problem, say guest contributors Mark Dorosz and Jennifer Benson: security flaws from internal employees who don’t understand, or don’t care, about upholding the organization’s defenses.
-
Blog
BDO expands Technology Advisory Services practice
BDO Consulting, a division of professional services organization BDO USA, has appointed Judy Selby as Managing Director in the firm’s Technology Advisory Services practice.
-
ArticleAdvice for U.S. companies, post-Brexit: Keep calm and carry on
We may be months away from clarity on what the United Kingdom’s vote to leave the EU means for U.S. companies with a multinational presence. Certain compliance challenges are inevitable in light of changing data privacy demands, labor concerns, trade and tax issues, and the prospect of starting from scratch ...
-
Blog
Rapid7 Nexpose Now offers live exposure management
Rapid7, a provider of security data and analytics solutions, announced Rapid7 Nexpose Now, a major enhancement to its vulnerability management solution that gives customers access to live risk and exposure updates as IT environments change.
-
Blog
Cyber-security due diligence: a new imperative
Weak cyber-security is as much a hallmark of corporate mismanagement as poor corporate governance, bad tone from the top, and check-the-box compliance. But by taking the due diligence aspects of cyber-security seriously, compliance officers can turn data protection into an opportunity. John Reed Stark has more.
-
Article
Former FTC Commissioner Brill on data security, privacy protections
Joe Mont speaks to Julie Brill, who for the past six years was among the FTC’s most influential commissioners and an important voice on internet privacy and data security issues. In April, she left public service to join the law firm Hogan Lovells as a partner and co-director of its ...
-
BlogEU data protection authorities concerned with EU-U.S. Privacy Shield
A draft transatlantic data transfer framework approved in February by the European Commission and the U.S. Department of Commerce received a less-than-enthusiastic response from EU data protection authorities in an opinion released today, effectively giving U.S. companies little assurance as to how they can legally transfer personal data from Europe ...
-
Article
Preparing for a HIPAA compliance audit
The Department of Health and Human Services’ Office for Civil Rights has officially kicked off its second phase of audits for covered entities and their business associates to review compliance with the Health Insurance Portability and Accountability Act’s privacy, security, and breach notification rules. CW’s Jaclyn Jaeger says healthcare CCOs ...
-
Blog
Avoiding Vanguard’s cyber-security stumble
Image: A recent incident at Vanguard in which the company unintentionally sent 71 e-mails pertaining to different customer transactions to a random Vanguard customer triggered a flawed response from the company that demonstrates how SEC-registered entities can underestimate just how difficult it is to manage customer data-related predicaments. CW’s John ...
-
Article
Healthcare, ransomware, and effective cyber-security hygiene
Imagine this: You’re a large healthcare provider whose staff is having trouble accessing vital records in your hospital’s computer network. Your IT department begins an immediate investigation and determines the cause to be a malware attack. Worse yet, the attackers are demanding ransom to obtain the decryption key. How do ...
-
Blog
Apple, the FBI and a terrorist’s iPhone
As the FBI continues its investigation into the deadly San Bernadino terror attack from last December, it has run into an unlikely adversary in Apple, which has refused the Bureau’s requests to defeat the security measures of one of the terrorists’ iPhones. While the legal struggle over this raises the ...
-
Blog
EU, U.S. Agree on New Safe Harbor Framework
The European Union and the United States have agreed on a new framework that will allow for trans-Atlantic data flows between Europe and the United States. The new arrangement will provide stronger obligations on U.S. companies to protect the personal data of Europeans and stronger monitoring and enforcement by the ...
-
Article
Preparing for the EU’s new Data Protection Rule
Sweeping changes to the EU’s data protection laws means new compliance headaches for any U.S. company that collects and handles data on citizens of the European Union. “It’s a game changer, primarily because it sets standards that many companies haven’t had to worry about,” said Hilary Wandall, associate vice president ...
-
Article
Mitigating Cyber-Threats From the Inside Out
As attacks on corporate networks become more common, companies are getting more adept at protecting their most valuable assets against cyber-threats outside the company, but it’s the insider threats that continue to elude many. Inside, we walk through the difficult part of insider-threat programs: not just creating the program and ...
-
Blog
The Big Challenge in New EU Data Protection Law: Values
Image: This week European officials agreed to a final text for a sweeping new data protection law. Compliance officers in the United States should brace themselves: not only does the legislation threaten huge fines and complicate corporate marketing efforts enormously; it underlines the fundamentally differing views Europeans and Americans have ...
-
Blog
What Makes a Good ‘Pen Tester’
Penetration testing is the exercise of testing a company’s cyber-security defenses, and finding the right “pen tester” to do that can be difficult. Learn how to find the right blend of capable, trustworthy, and innovative cyber-security professionals. More inside.
-
Blog
Irish Data Regulator Probes Facebook’s European Privacy Practices
Image: The investigation by Ireland’s Data Protection Commissioner Helen Dixon into Austrian law student Max Schrems’ privacy complaint will continue in light of the recent decision by the European Court of Justice to invalidate the Safe Harbor program for international data transfers between the United States and the European Union. ...
-
Blog
Double Trouble in Internal Investigations After Schrems
Image: Last week another huge shift in the compliance world happened: the Schrems decision by the European Court of Justice, finding that the previously presumed European Union Safe Harbor regime is invalid. For the anti-corruption compliance practitioner, the decision is double-trouble when you consider it in light of the recent ...
-
Blog
With Safe Harbor Squashed, What's Next for European Data Transfers?
As anticipated, on Tuesday the European Court of Justice ruled the Safe Harbor program for international data transfers between the United States and European Union is invalid. While U.S. officials fret that the ruling will “undercut the ability of other countries, businesses, and citizens to rely upon negotiated arrangements with ...