All Data Privacy articles – Page 4

  • Article

    This is not a game: Scenario planning can help protect your organization’s reputation


    With some 4,000 cyber-attacks occurring every day, compliance officers are looking for any solution to help protect their organization from cyber-risk. A method worth considering is wargaming: a simulation that provides a live example of what a cyber-attack might look like and illustrates what can be done to better protect the ...

  • PrivacyShield

    EU-U.S. Privacy Shield passes: Now what?


    For any U.S. company that collects and handles data on EU citizens, the time to review privacy policies, practices and contracts with service providers and customers is now. Jaclyn Jaeger has more.

  • Article

    In cyber-security, the real enemy strikes from within


    While organizations are trying to understand their cyber-risk and how best to address it, focusing on external threats can overlook an even greater problem, say guest contributors Mark Dorosz and Jennifer Benson: security flaws from internal employees who don’t understand, or don’t care, about upholding the organization’s defenses.

  • Blog

    BDO expands Technology Advisory Services practice


    BDO Consulting, a division of professional services organization BDO USA, has appointed Judy Selby as Managing Director in the firm’s Technology Advisory Services practice.

  • CoverImage

    Advice for U.S. companies, post-Brexit: Keep calm and carry on


    We may be months away from clarity on what the United Kingdom’s vote to leave the EU means for U.S. companies with a multinational presence. Certain compliance challenges are inevitable in light of changing data privacy demands, labor concerns, trade and tax issues, and the prospect of starting from scratch ...

  • Blog

    Rapid7 Nexpose Now offers live exposure management


    Rapid7, a provider of security data and analytics solutions, announced Rapid7 Nexpose Now, a major enhancement to its vulnerability management solution that gives customers access to live risk and exposure updates as IT environments change.

  • Blog

    Cyber-security due diligence: a new imperative


    Weak cyber-security is as much a hallmark of corporate mismanagement as poor corporate governance, bad tone from the top, and check-the-box compliance. But by taking the due diligence aspects of cyber-security seriously, compliance officers can turn data protection into an opportunity. John Reed Stark has more.

  • Article

    Former FTC Commissioner Brill on data security, privacy protections


    Joe Mont speaks to Julie Brill, who for the past six years was among the FTC’s most influential commissioners and an important voice on internet privacy and data security issues. In April, she left public service to join the law firm Hogan Lovells as a partner and co-director of its ...

  • PrivacyShield_0

    EU data protection authorities concerned with EU-U.S. Privacy Shield


    A draft transatlantic data transfer framework approved in February by the European Commission and the U.S. Department of Commerce received a less-than-enthusiastic response from EU data protection authorities in an opinion released today, effectively giving U.S. companies little assurance as to how they can legally transfer personal data from Europe ...

  • Article

    Preparing for a HIPAA compliance audit


    The Department of Health and Human Services’ Office for Civil Rights has officially kicked off its second phase of audits for covered entities and their business associates to review compliance with the Health Insurance Portability and Accountability Act’s privacy, security, and breach notification rules. CW’s Jaclyn Jaeger says healthcare CCOs ...

  • Blog

    Avoiding Vanguard’s cyber-security stumble


    A recent incident at Vanguard in which the company unintentionally sent 71 e-mails pertaining to different customer transactions to a random Vanguard customer triggered a flawed response from the company that demonstrates how SEC-registered entities can underestimate just how difficult it is to manage customer data-related predicaments. CW’s John ...

  • Article

    Healthcare, ransomware, and effective cyber-security hygiene


    Imagine this: You’re a large healthcare provider whose staff is having trouble accessing vital records in your hospital’s computer network. Your IT department begins an immediate investigation and determines the cause to be a malware attack. Worse yet, the attackers are demanding ransom to obtain the decryption key. How do ...

  • Blog

    Apple, the FBI and a terrorist’s iPhone


    As the FBI continues its investigation into the deadly San Bernardino terror attack from last December, it has run into an unlikely adversary in Apple, which has refused the Bureau’s requests to defeat the security measures of one of the terrorists’ iPhones. While the legal struggle over this raises the ...

  • Blog

    EU, U.S. Agree on New Safe Harbor Framework


    The European Union and the United States have agreed on a new framework that will allow for trans-Atlantic data flows between Europe and the United States. The new arrangement will provide stronger obligations on U.S. companies to protect the personal data of Europeans and stronger monitoring and enforcement by the ...

  • Article

    Preparing for the EU’s new Data Protection Rule


    Sweeping changes to the EU’s data protection laws mean new compliance headaches for any U.S. company that collects and handles data on citizens of the European Union. “It’s a game changer, primarily because it sets standards that many companies haven’t had to worry about,” said Hilary Wandall, associate vice president ...

  • Article

    Mitigating Cyber-Threats From the Inside Out


    As attacks on corporate networks become more common, companies are getting more adept at protecting their most valuable assets against cyber-threats outside the company, but it’s the insider threats that continue to elude many. Inside, we walk through the difficult part of insider-threat programs: not just creating the program and ...

  • Blog

    The Big Challenge in New EU Data Protection Law: Values


    This week European officials agreed to a final text for a sweeping new data protection law. Compliance officers in the United States should brace themselves: not only does the legislation threaten huge fines and complicate corporate marketing efforts enormously; it underlines the fundamentally differing views Europeans and Americans have ...

  • Blog

    What Makes a Good ‘Pen Tester’


    Penetration testing is the exercise of testing a company’s cyber-security defenses, and finding the right “pen tester” to do that can be difficult. Learn how to find the right blend of capable, trustworthy, and innovative cyber-security professionals. More inside.

  • Blog

    Irish Data Regulator Probes Facebook’s European Privacy Practices


    The investigation by Ireland’s Data Protection Commissioner Helen Dixon into Austrian law student Max Schrems’ privacy complaint will continue in light of the recent decision by the European Court of Justice to invalidate the Safe Harbor program for international data transfers between the United States and the European Union. ...

  • Blog

    Double Trouble in Internal Investigations After Schrems


    Last week another huge shift in the compliance world happened: the Schrems decision by the European Court of Justice, finding that the previously presumed European Union Safe Harbor regime is invalid. For the anti-corruption compliance practitioner, the decision is double-trouble when you consider it in light of the recent ...