All Privacy articles – Page 3
-
Article
Managing Cyber-Risk in the Healthcare Industry
Recent high-profile data breaches at several major healthcare providers have jolted the industry, which is trying to piece together better ways to manage the risks. “As opposed to an organization trying to invest more money in firewalls or other types of technical solutions to protect against an intrusion, at ...
-
Blog
What Makes a Good ‘Pen Tester’
Penetration testing is the exercise of testing a company’s cyber-security defenses, and finding the right “pen tester” to do that can be difficult. Learn how to find the right blend of capable, trustworthy, and innovative cyber-security professionals. More inside.
-
Article
Cloud Security Is a Challenge for Users and Providers
As more cloud storage providers evolve from consumer-based products to enterprise-grade services, compliance challenges are evolving along with them. Before entering into a service contract, companies must determine whether their data will be safe and all is in compliance with a growing list of regulations and security frameworks. The added ...
-
Article
The Key Cyber-Security Question: What Is ‘Reasonable’?
Regulators often say they want “reasonable” precautions when spelling out expectations on cyber-security. But with a plethora of guidance and frameworks to consider, what does that mean—and does “reasonable” depend on industry and company size? A small summit meeting of cyber-security voices debated that question in Boston recently; we have ...
-
Article
Enforcement Action May Be Omen of SEC’s Cyber-Security Plans
An investment adviser firm in St. Louis has become the (painful) test subject for the SEC’s attitude on cyber-security matters. The case, observers say, is a warning that the agency is moving away from guidance and toward enforcement. So what will the SEC consider to be “reasonable” security efforts? Will ...
-
Article
Mending the Data Privacy Gaps of the EU Safe Harbor Ruling
Three weeks after Europe’s top court demolished the 15-year-old Safe Harbor Program to transfer personal data from Europe to the United States, thousands of U.S. companies that used the program are still scrambling to fill data privacy gaps. “To lean back and see how things play out is not ...
-
Blog
Transforming the Cyber-Security Paradigm
Though data breaches are inevitable, companies still remain too focused on fortification rather than response, failing to adapt to the harsh realities of rapidly emerging international and multifarious cyber-security threats. Inside, columnist John Reed Stark recommends a three-step cyber-security transformation for companies to undertake to combat recent rapidly evolving cyber-dangers.
-
Article
SEC Faces New Obstacles in e-Discovery Efforts
As the SEC ferrets out inside traders and Ponzi schemers of the Internet Age, more voices are saying the agency has too much leeway to gather electronic records against investigation targets. Congress is mulling legislation to curb SEC power to get e-mail from Internet service providers; federal judges are applying ...
-
Article
Data Security Impasse Overturns Safe Harbor Program
An Austrian student’s displeasure with Facebook has invalidated the longstanding trans-Atlantic Safe Harbor program for international data transfers. That complaint, originally about Facebook’s alleged cooperation in U.S. government spying, has reached the highest court in Europe and overturned 15 years of data privacy rules. Companies are left with few viable ...
-
Article
Calls for More Data Sharing to Step Up Terrorism Fight
Washington wants Corporate America to step up its attention to terrorism risk. That was the message at a recent congressional hearing, the latest instance of voices saying business and government should cooperate to uncover terrorists’ sophisticated financing schemes. “Most of the early warning signs reside with the private sector, and ...
-
Blog
Banks Fear EU Privacy Rules Will Make Fraud Harder to Detect
Bankers are claiming new EU privacy laws may end up doing more harm than good, as they will prevent banks from detecting fraud and terrorist financing. Consumer rights groups disagree, arguing that the updated laws will pave the way for more transparency and force banks to behave more responsibly ...
-
Article
More Cyber-Security Guidelines for Govt Contractors
The Obama Administration is considering new cyber-security guidance that would effectively impose stringent new reporting obligations on government contractors. That means more due diligence on third parties, and a review of contract language to see who is responsible for what. “[E]verybody is going to need to get their cyber-house ...
-
Article
SEC Pushes New Limits on Cyber-Security, Securities Fraud
Another byproduct of life in the cyber-security age: The SEC is redefining insider trading to focus more on improper trading, even if you are a thief mining a company for inside information without actually working there. The misconduct—called, yes, “outsider trading”—seems to be an SEC-enforceable offense so far, and it ...
-
Article
The Keys to Better Access Control Systems
Gone are the days when “access control” meant locking your door or filing cabinet. Now compliance, IT, and audit teams must collaborate on controls to access networks rather than physical stores of information. Inside, we look at three best practices to design strong access control and at how to ...
-
Article
Mending Social Media Compliance Gaps
Two recent studies hold both good and bad news on the state of social media compliance today: Compliance officers no longer approach corporate use of social media with the trepidation they once did, but those channels leave companies increasingly vulnerable to regulatory violations. According to these studies, the financial services ...
-
Article
How to Simplify Cyber-Security Controls Amid Abundant Laws
By now every compliance officer has already heard the warning that it’s a matter of when you suffer a cyber-security breach, not if. Then comes compliance with breach disclosure rules—and those demands are becoming as perplexing as the cyber-threat itself. Overwhelmed, compliance officers are seeking ways to navigate these demands ...
-
Article
Avoiding the Pitfalls of Data Mining
In recent months, numerous companies have found themselves the target of legal and enforcement actions for obtaining or using personal data without consent. The kicker: Most of these actions could have been easily avoided, since most of the infractions were clear violations of contract law. “If companies simply complied with ...
-
Article
The Workflows You Need to Use After a Data Breach
Compliance officers have enough scrambling to do after a data breach. Not understanding the steps to take, or not being in proper position to take them, only makes matters worse. Inside, guest columnist John Reed Stark walks through all the steps your company needs to take—including those to take before ...
-
Article
FSOC Report Offers Tea Leaves for Future Regulatory Focus
What are the top threats to the U.S. financial system? In a new report, the Financial Stability Oversight Council cites cyber-security, financial innovations, and high-frequency trading among the problems regulators must address. Critics fret, however, that the agency wants “to get rid of the capital markets and replace everything with ...
-
Blog
White Defends Subpoenaing ISPs for E-Mails
The SEC has long opposed efforts to modernize the Electronic Communications Privacy Act of 1986, fearing it could lose the ability to subpoena internet service providers for e-mails. Although ISP subpoenas are currently on hold, privacy concerns could harm investigations, Chairman Mary Jo White told a Congressional sub-committee.