All Data Privacy articles – Page 5
-
Blog
What Makes a Good ‘Pen Tester’
Penetration testing is the exercise of testing a company’s cyber-security defenses, and finding the right “pen tester” to do that can be difficult. Learn how to find the right blend of capable, trustworthy, and innovative cyber-security professionals. More inside.
-
Blog
Irish Data Regulator Probes Facebook’s European Privacy Practices
The investigation by Ireland’s Data Protection Commissioner Helen Dixon into Austrian law student Max Schrems’ privacy complaint will continue in light of the recent decision by the European Court of Justice to invalidate the Safe Harbor program for international data transfers between the United States and the European Union. ...
-
Blog
Double Trouble in Internal Investigations After Schrems
Last week another huge shift in the compliance world happened: the Schrems decision by the European Court of Justice, finding that the previously presumed European Union Safe Harbor regime is invalid. For the anti-corruption compliance practitioner, the decision is double-trouble when you consider it in light of the recent ...
-
Blog
With Safe Harbor Squashed, What's Next for European Data Transfers?
As anticipated, on Tuesday the European Court of Justice ruled the Safe Harbor program for international data transfers between the United States and European Union is invalid. While U.S. officials fret that the ruling will “undercut the ability of other countries, businesses, and citizens to rely upon negotiated arrangements with ...
-
Article
Data Security Impasse Overturns Safe Harbor Program
An Austrian student’s displeasure with Facebook has invalidated the longstanding trans-Atlantic Safe Harbor program for international data transfers. That complaint, originally about Facebook’s alleged cooperation in U.S. government spying, has reached the highest court in Europe and overturned 15 years of data privacy rules. Companies are left with few viable ...
-
Blog
French Data Regulator Rejects Google’s ‘Right To Be Forgotten’ Appeal
Big news this week from France as the Commission Nationale de l’Informatique et des Libertés (CNIL) rejected Google’s appeal against the enforcement of the “right to be forgotten.” If Google fails to comply with CNIL’s order, the company may be hit with sanctions, including a €300,000 fine, which could increase to ...
-
Article
Managing Cyber-Risk in the Aviation Industry
Cyber-risks are increasing everywhere, and this week we look specifically at the aerospace sector. Recent high-profile data breaches at major airlines have jolted the industry, which is trying to piece together better ways to manage the risks. “Airplanes themselves have never been more complex, never been more reliant on technology. ...
-
Blog
Banks Fear EU Privacy Rules Will Make Fraud Harder to Detect
Bankers are claiming new EU privacy laws may end up doing more harm than good, as they will prevent banks from detecting fraud and terrorist financing. Consumer rights groups disagree, arguing that the updated laws will pave the way for more transparency and force banks to behave more responsibly ...
-
Article
The Global State of the Right To Be Forgotten
More than a year after the EU established its right-to-be-forgotten principle, U.S. compliance professionals in the tech sector probably wish the decision itself could be forgotten, too. France is insisting that the principle be applied worldwide; even before that ever happens, compliance within Europe is laborious and complicated. Our latest ...
-
Article
CCOs Playing a Stronger Role in Data Privacy Practices
As data privacy laws proliferate, they are creating a web that traps how corporations use personal data in their operations. The challenge for compliance officers: how to play a more strategic role and ensure your business doesn’t get stuck. “The inclusion of the CCO function in defining controls related ...
-
Article
SEC Pushes New Limits on Cyber-Security, Securities Fraud
Another byproduct of life in the cyber-security age: The SEC is redefining insider trading to focus more on improper trading, even if you are a thief mining a company for inside information without actually working there. The misconduct—called, yes, “outsider trading”—seems to be an SEC-enforceable offense so far, and it ...
-
Article
Suddenly, Washington Is Back at Cyber-Security Discussion
For the first time in years, Washington is abuzz with proposed changes to cyber-security disclosure, both in Congress and at the SEC. Above all, experts say, is a need to clarify terminology and expectations. “There should be minimum standards for what that security should be across the board,” says ...
-
Article
Data Governance 101: Getting Started
Amassing terabytes of data is easy; for most businesses, managing those valuable—and sometimes very risky—assets is the hard part. A successful data governance initiative, experts say, isn’t a project you can hand off to the IT department or solve with a software purchase. Compliance, audit, and risk executives all need ...
-
Article
Managing the Risky Business of Loyalty Programs
As the regulatory focus on data security expands, companies that offer customer loyalty programs should review them for red flags. How the data is stored, protected, and segmented is ripe for scrutiny, experts warn. Poorly designed loyalty programs could run afoul of antitrust laws, torpedo a merger, violate HIPAA, or ...
-
Article
Insurers Feel Fresh Heat on Cyber-Security Practices
New York plans to bolster cyber-security oversight in the insurance sector, including regular, targeted assessments of cyber-security as part of its exam process. “Recent cyber-security breaches should serve as a stern wake-up call for insurers and other financial institutions to strengthen their cyber-defenses,” said New York Department of Financial ...
-
Article
An Insider Look at the EU’s Binding Corporate Rules
Companies that move data throughout Europe, or beyond its borders, face a long and exacting list of privacy and security demands. Some companies are choosing to take advantage of Binding Corporate Rules (BCRs), presenting their data compliance framework for approval by data protection authorities. BCRs, despite a lengthy approval process, ...
-
Article
When State Attorneys General Come Knocking
Sometimes a sheriff arrives from the federal government to take an enforcement action against your company, and sometimes a posse of state attorneys general follow behind, determined to investigate you too. Such is the case for JP Morgan, now being pressed by 19 states for more detail on its massive ...
-
Blog
Anthem Discloses Huge Data Breach
Health insurer Anthem said hackers gained unauthorized access to its IT systems and stole personal information relating to tens of millions of current and former members and employees. Calling it a “very sophisticated external cyber-attack,” Anthem CEO Joseph Swedish said the breach does not appear to have compromised credit card ...
-
Blog
FTC Chair Warns of Internet of Things Data Privacy Concerns
Federal Trade Commission Chairman Edith Ramirez took to the floor of the International Consumer Electronics show in Las Vegas last week to offer companies a warning about the “Internet of Things” and broadband-connected cars, wearable tech, and home appliances. Connected devices pose significant privacy and security implications, she said, urging ...
-
Blog
Podcast: Navigating the Pitfalls of Geolocation Data
Uber, Snapchat, and Golden Technologies are the latest companies to come under fire for how they use the geolocation data they collect from their customers. In this week’s podcast, we talk to Fernando Bohorquez, a partner at the law firm BakerHostetler who specializes in privacy and data security issues, about ...