All Data Privacy articles – Page 5
-
Article
Data Security Impasse Overturns Safe Harbor Program
An Austrian student’s displeasure with Facebook has invalidated the longstanding trans-Atlantic Safe Harbor program for international data transfers. That complaint, originally about Facebook’s alleged cooperation in U.S. government spying, has reached the highest court and Europe and overturned 15 years of data privacy rules. Companies are left with few viable ...
-
Blog
French Data Regulator Rejects Google’s ‘Right To Be Forgotten’ Appeal
Big news this week from France as the Commission Nationale de I’Informatique et des Libertes (CNIL) rejected Google’s appeal against the enforcement of “right to be forgotten.” If Google fails to comply with CNIL’s order, the company may be hit with sanctions, including a €300,000 fine, which could increase to ...
-
Article
Managing Cyber-Risk in the Aviation Industry
Cyber-risks are increasing everywhere, and this week we look specifically at the aerospace sector. Recent high-profile data breaches at major airlines have jolted the industry, which is trying to piece together better ways to manage the risks. “Airplanes themselves have never been more complex, never been more reliant on technology. ...
-
Blog
Banks Fear EU Privacy Rules Will Make Fraud Harder to Detect
Image: Bankers are claiming new EU privacy laws may end up doing more harm than good, as they will prevent banks from detecting fraud and terrorist financing. Consumer rights groups disagree, arguing that the updated laws will pave the way for more transparency and force banks to behave more responsibly ...
-
Article
The Global State of the Right To Be Forgotten
More than a year after the EU established is right-to-be-forgotten principle, U.S. compliance professionals in the tech sector probably wish the decision itself could be forgotten, too. France is insisting that the principle be applied worldwide; even before that ever happens, compliance within Europe is laborious and complicated. Our latest ...
-
Article
CCOs Playing a Stronger Role in Data Privacy Practices
Image: As data privacy laws proliferate, they are creating a web that traps how corporations use personal data in their operations. The challenge for compliance officers: how to play a more strategic role and ensure your business doesn’t get stuck. “The inclusion of the CCO function in defining controls related ...
-
Article
SEC Pushes New Limits on Cyber-Security, Securities Fraud
Another byproduct of life in the cyber-security age: The SEC is redefining insider trading to focus more on improper trading, even if you are a thief mining a company for inside information without actually working there. The misconduct—called, yes, “outsider trading”—seems to be an SEC-enforceable offense so far, and it ...
-
Article
Suddenly, Washington Is Back at Cyber-Security Discussion
Image: For the first time in years, Washington is abuzz with proposed changes to cyber-security disclosure, both in Congress and at the SEC. Above all, experts say, is a need to clarify terminology and expectations. “There should be minimum standards for what that security should be across the board,” says ...
-
Article
Data Governance 101: Getting Started
Amassing terabytes of data is easy; for most businesses, managing those valuable—and sometimes very risky—assets is the hard part. A successful data governance initiative, experts say, isn’t a project you can hand off to the IT department or solve with a software purchase. Compliance, audit, and risk executives all need ...
-
Article
Managing the Risky Business of Loyalty Programs
As the regulatory focus on data security expands, companies that offer customer loyalty programs should review them for red flags. How the data is stored, protected, and segmented is ripe for scrutiny, experts warn. Poorly designed loyalty programs could run afoul of antitrust laws, torpedo a merger, violate HIPAA, or ...
-
Article
Insurers Feel Fresh Heat on Cyber-Security Practices
Image: New York plan to bolster cyber-security oversight in the insurance sector, including regular, targeted assessments of cyber-security as part of its exam process. “Recent cyber-security breaches should serve as a stern wake-up call for insurers and other financial institutions to strengthen their cyber-defenses,” said New York Department of Financial ...
-
Article
An Insider Look at the EU’s Binding Corporate Rules
Companies that move data throughout Europe, or beyond its borders, face a long and exacting list of privacy and security demands. Some companies are choosing to take advantage of Binding Corporate Rules (BCRs), presenting their data compliance framework for approval by data protection authorities. BCRs, despite a lengthy approval process, ...
-
Article
When State Attorneys General Come Knocking
Sometimes a sheriff arrives from the federal government to take an enforcement action against your company, and sometimes a posse of state attorneys general follow behind, determined to investigate you too. Such is the case for JP Morgan, now being pressed by 19 states for more detail on its massive ...
-
Blog
Anthem Discloses Huge Data Breach
Health insurer Anthem said hackers gained unauthorized access to its IT systems and stole personal information relating to tens of millions of current and former members and employees. Calling it a “very sophisticated external cyber-attack,” Anthem CEO Joseph Swedish said the breach does not appear to have compromised credit card ...
-
Blog
FTC Chair Warns of Internet of Things Data Privacy Concerns
Federal Trade Commission Chairman Edith Ramirez took to the floor of the International Consumer Electronics show in Las Vegas last week to offer companies a warning about the “Internet of Things” and broadband-connected cars, wearable tech, and home appliances. Connected devices pose significant privacy and security implications, she said, urging ...
-
Blog
Podcast: Navigating the Pitfalls of Geolocation Data
Uber, Snapchat, and Golden Technologies are the latest companies to come under fire for how they use the geolocation data they collect from their customers. In this week’s podcast, we talk to Fernando Bohorquez, a partner at the law firm BakerHostetler who specializes in privacy and data security issues, about ...
-
Article
It May Be Voluntary, but NIST Framework Is a Crucial Cyber-Security Tool
Each day, it seems another big-name company falls victim to a cyber-attack. The new framework for assessing the security flaws, developed by the National Institute of Standards and Technology, may be intended for critical-infrastructure companies, but other businesses may find that its guidance offers more help than the mélange of ...
-
Blog
TD Bank to Pay $625K for Data Breach
TD Bank this week reached a $625,000 settlement with the Massachusetts Attorney General’s Office after losing unencrypted back-up tapes containing personal information of more than 260,000 consumers nationwide, and delaying notice of the incident. The final settlement amounted to $825,000, but the AG’s Office credited the bank $200,000 to reflect ...
-
Article
The Real Data Breach Risks Are Right Under Your Nose
While companies fret about shadowy hackers based in Russia and China hell bent on stealing customer information, employees—not cyber-criminals—pose the biggest threat to create data breaches and data loss, according to a recent study. Ungoverned and negligent file-sharing by employees is hitting epidemic proportions: More than half of respondents to ...