All Data Protection articles – Page 2

  • Article

    In cyber-security, the real enemy strikes from within


    While organizations are trying to understand their cyber-risk and how best to address it, focusing on external threats can overlook an even greater problem, say guest contributors Mark Dorosz and Jennifer Benson: security flaws from internal employees who don’t understand, or don’t care, about upholding the organization’s defenses.

  • CoverImage

    Advice for U.S. companies, post-Brexit: Keep calm and carry on


    We may be months away from clarity on what the United Kingdom’s vote to leave the EU means for U.S. companies with a multinational presence. Certain compliance challenges are inevitable in light of changing data privacy demands, labor concerns, trade and tax issues, and the prospect of starting from scratch ...

  • Article

    Preparing for the EU’s new Data Protection Rule


    Sweeping changes to the EU’s data protection laws means new compliance headaches for any U.S. company that collects and handles data on citizens of the European Union. “It’s a game changer, primarily because it sets standards that many companies haven’t had to worry about,” said Hilary Wandall, associate vice president ...

  • Article

    Mitigating Cyber-Threats From the Inside Out


    As attacks on corporate networks become more common, companies are getting more adept at protecting their most valuable assets against cyber-threats outside the company, but it’s the insider threats that continue to elude many. Inside, we walk through the difficult part of insider-threat programs: not just creating the program and ...

  • Blog

    Bills Advance to Sharpen SEC’s Small Business Focus


    The House Financial Services Committee has approved a slate of bipartisan bills and resolutions intended to “protect consumers, grow the economy, strengthen government transparency, and help lead the fight against terrorists.” Among the bills is legislation that establishes an Office for Small Business Capital Formation within the SEC and ...

  • Article

    Cloud Security Is a Challenge for Users and Providers


    As more cloud storage providers evolve from consumer-based products to enterprise-grade services, compliance challenges are evolving along with them. Before entering into a service contract, companies must determine whether their data will be safe and all is in compliance with a growing list of regulations and security frameworks. The added ...

  • Blog

    With Safe Harbor Squashed, What's Next for European Data Transfers?


    As anticipated, on Tuesday the European Court of Justice ruled the Safe Harbor program for international data transfers between the United States and European Union is invalid. While U.S. officials fret that the ruling will “undercut the ability of other countries, businesses, and citizens to rely upon negotiated arrangements with ...

  • Article

    Data Security Impasse Overturns Safe Harbor Program


    An Austrian student’s displeasure with Facebook has invalidated the longstanding trans-Atlantic Safe Harbor program for international data transfers. That complaint, originally about Facebook’s alleged cooperation in U.S. government spying, has reached the highest court and Europe and overturned 15 years of data privacy rules. Companies are left with few viable ...

  • Article

    The Global State of the Right To Be Forgotten


    More than a year after the EU established is right-to-be-forgotten principle, U.S. compliance professionals in the tech sector probably wish the decision itself could be forgotten, too. France is insisting that the principle be applied worldwide; even before that ever happens, compliance within Europe is laborious and complicated. Our latest ...

  • Article

    Suddenly, Washington Is Back at Cyber-Security Discussion


    Image: For the first time in years, Washington is abuzz with proposed changes to cyber-security disclosure, both in Congress and at the SEC. Above all, experts say, is a need to clarify terminology and expectations. “There should be minimum standards for what that security should be across the board,” says ...

  • Article

    Data Governance 101: Getting Started


    Amassing terabytes of data is easy; for most businesses, managing those valuable—and sometimes very risky—assets is the hard part. A successful data governance initiative, experts say, isn’t a project you can hand off to the IT department or solve with a software purchase. Compliance, audit, and risk executives all need ...

  • Article

    Preparing Your Board for Cyber-Security Oversight


    Every board knows its company will fall victim to a cyber-attack and, worse, that the board will need to clean up the mess and superintend the fallout. This week, guest columnist John Stark, a long-time student of cyber-security risks, breaks down the fundamentals any board must establish for cyber-security, and ...

  • Blog

    EU Data Supervisor Pushing Strengthened Privacy Laws


    Image: Title: ButtarelliThe European Union’s Data Protection Supervisor Giovanni Buttarelli told officials in Washington that the EU’s ambitious overhaul of its data regulations will “place the individual more firmly at the heart” of technology, by boosting transparency and individual control. Buttarelli said the reforms will be backed by real teeth, ...

  • Blog

    White House Unveils New Data Security Efforts


    On Monday, President Barack Obama proposed several new initiatives intended to enhance data security and combat identity theft. Among the proposals is legislation requiring companies to notify customers within 30 days when their personal information has been exposed, criminalizing the overseas trade in identities, and preventing certain uses of student ...

  • Article

    Preparing for Pay Rules, Privacy, and a New Congress


    The SEC is likely to spend 2015 churning through as much rulemaking for the Dodd-Frank Act as it can, never mind being years behind schedule on that front. To complicate matters for the agency, Congress is also likely to try repealing some parts of the law even before the SEC ...

  • Blog

    Podcast: Navigating the Pitfalls of Geolocation Data


    Uber, Snapchat, and Golden Technologies are the latest companies to come under fire for how they use the geolocation data they collect from their customers. In this week’s podcast, we talk to Fernando Bohorquez, a partner at the law firm BakerHostetler who specializes in privacy and data security issues, about ...

  • Article

    It May Be Voluntary, but NIST Framework Is a Crucial Cyber-Security Tool


    Each day, it seems another big-name company falls victim to a cyber-attack. The new framework for assessing the security flaws, developed by the National Institute of Standards and Technology, may be intended for critical-infrastructure companies, but other businesses may find that its guidance offers more help than the mélange of ...

  • Article

    Companies Struggle Over When to Report They’ve Been Hacked


    Image: When a company discovers that sensitive data has been compromised, two of the toughest decisions that it faces are whether and when to let regulators, customers, and the public know about the loss. While companies may be hesitant, government officials say they can help. “Getting search warrants, arrest warrants, ...

  • PartnerBreach

    Are Your Business Partners Letting the Hackers In?


    For Target, it was a heating and air conditioning company. At a large oil company it was a nearby Chinese restaurant. Hackers increasingly use third-party relationships to gain access to computer networks and steal data. The trend means that companies need to conduct even better due diligence on third-party relationships ...

  • Article

    The Real Data Breach Risks Are Right Under Your Nose


    While companies fret about shadowy hackers based in Russia and China hell bent on stealing customer information, employees—not cyber-criminals—pose the biggest threat to create data breaches and data loss, according to a recent study. Ungoverned and negligent file-sharing by employees is hitting epidemic proportions: More than half of respondents to ...