NAVEX Global: Top 10 compliance trends for 2020
A recent Webinar, and complementary report, from NAVEX Global offers a look at the top 10 risk and compliance trends for 2020.
e-Book: Firms face mounting pressure from GDPR
More firms have been stymied by the General Data Protection Regulation.
App firms, adtech industry in firing line over possible GDPR violations
The Norwegian Consumer Council, a consumer rights champion, has uncovered a serious no-no in the world of GDPR: popular apps sharing user data, such as religious beliefs and sexual preferences, to advertising and marketing firms in order to drive their own revenue.
British retailer Dixons fined for pre-GDPR breach
The ICO has fined Dixons Carphone for failing to take “basic, commonplace” security measures that would have alerted it to one of the country’s worst cyber-attacks.
Special report: Compliance 2020
CW Editor in Chief Dave Lefort offers 10 predictions on what will dominate compliance headlines in 2020.
Compliance 2020: A timeline
Compliance Week looks back at two decades of scandals, enforcement actions, and regulatory policies (2000-2019) that shaped the compliance function we see today.
Survey: CCPA still poses compliance nightmare
With the clock ticking toward the Jan. 1 implementation date, Compliance Week and ACA Aponix asked 100 compliance practitioners whether their company would be CCPA compliant by the deadline. Their collective answer? Nope.
Top ethics and compliance failures of 2019
From antitrust and privacy concerns in the tech world to compliance officer liability in the pharmaceutical industry to unethical practices in the banking and accounting professions, more than a dozen companies made Compliance Week’s list of the biggest compliance fails in 2019.
Apple, Walmart among compliance winners of 2019
Strong social stances, a dedication to doing what’s right, and leading by example highlight the qualities exemplified by our list of ethics and compliance winners of 2019.
ICO hands out first GDPR fine as BA, Marriott cases linger
The U.K. Information Commissioner’s Office has levied its first fine under the GDPR against a London-based pharmacy. Record-setting penalties announced by the ICO in July against British Airways and Marriott are still not finalized.
Top EU advisor: Clauses used for EU-U.S. data transfers ‘valid’
Big Tech can breathe a sigh of a relief that the mechanisms it uses to transfer data outside of the European Union to “third countries” provide sufficient privacy protection, according to a key advisor to the EU’s top court.
Companies deserve a break on rushed CCPA compliance
The CCPA has been rushed from the start, says CW Editor in Chief Dave Lefort, who believes the California attorney general’s plan to give leniency for companies making good-faith efforts is the right call.
Businesses seek CCPA clarity as California AG issues dire warning
In comments submitted to the California attorney general’s office, businesses seek much greater clarity on the soon-to-be-in-force California Consumer Privacy Act.
1 & 1 Telecom fined $10.6M for GDPR violations; company fights back
A German federal privacy watchdog has fined 1 & 1 Telecom €9.55 million (U.S. $10.6 million) for violations of the EU’s General Data Protection Regulation, but the company says it won’t accept the penalty.
FTC settles with four over alleged EU-U.S. Privacy Shield deception
Four companies have reached settlements with the Federal Trade Commission for allegedly misrepresenting their participation in the EU-U.S. Privacy Shield framework.
Republicans, Democrats spar over federal privacy bill
Republicans and Democrats have differing opinions on the rights and role of a federal privacy law, but both sides agreed at a Senate Commerce Committee hearing Wednesday the time to act is now.
Introducing ‘The Excellence in Compliance Awards’
Compliance Week is making some changes to its annual awards for 2020, evolving the “Top Minds” recognition into a full-blown, specifically targeted awards program dubbed “The Excellence in Compliance Awards.”
Senate Dems propose ‘clear as a bell’ U.S. privacy law
Senate Democrats have proposed a new federal data privacy bill that seeks to empower consumers and support their civil rights in the digital economy.
Regulators wary of crypto as digital assets go mainstream
Federal agencies struggle to categorize digital coins as currency, securities, commodities, property, or something else—but even as they dither, some big companies strive forward in the digital assets arena.
‘Femtech’ wanders into uncharted regulatory territory
Applications that serve women’s health needs could soon be held to a higher standard of accountability for protecting users’ data if they become classified as “covered entities” under HIPAA.
Regulators need experts in AI, too
Machine learning isn’t something that’s going to happen—it’s already happened. Ali Shah, head of tech policy at the U.K. Information Commissioner’s Office, discusses how artificial intelligence will impact regulators.
U.S. consumers express unease over personal data collection
A recent survey says a majority of Americans don’t trust data privacy policies and procedures, even while U.S. companies are hastening to enhance them in advance of the California Consumer Privacy Act’s implementation.
Privacy warfare: Competitors, consumers pose new risks
With a new wave of privacy laws empowering consumers to police their own data, companies are facing increased risk in areas they might not have considered.
Ireland vs. Big Tech: The wait continues
It’s been 18 months since the General Data Protection Regulation went into effect, and still no violations have come out of Ireland. Is the Emerald Isle dragging its feet? CW Editor in Chief Dave Lefort attempts to answer that question.
Regulators sympathetic to GDPR growing pains but expect maturity
Officials from a pair of EU data privacy sanctioning bodies stressed importance of data protection officers and good-faith efforts to comply with GDPR.
10 things you need to know about CCPA compliance
It’s go-time for compliance as the clock ticks toward the Jan. 1 effective date of the California Consumer Privacy Act.
Best practices for choosing the right data privacy software
Don’t expect a plug-and-play technology solution to this complex new problem.
Data-driven compliance can create business success
Smart uses of data analytics show companies can not only improve their compliance programs with technology, but actually create bottom-line results for their companies as well.
Microsoft updates cloud contract privacy amid EDPS probe
Microsoft has updated the privacy provisions of its commercial cloud contracts amid a European Data Protection Supervisor investigation that revealed “serious concerns” in its preliminary findings.
Proactive approach needed in today’s cyber-crime environment
An expert sheds light on behavioral science-driven solutions that help businesses prepare for a breach before it happens.
Google, Ascension defend partnership amid federal inquiry
Criticism from lawmakers in addition to a federal inquiry regarding Google’s controversial partnership with Ascension has both the tech giant and the non-profit healthcare provider firing back.
From sea to shining CCPA: Microsoft to extend privacy law across U.S.
In a blog post this week, Microsoft announced its intention to extend the core rights of the upcoming California Consumer Privacy Act to its customers across the United States.
Mistrust mars Google’s acquisition of Fitbit
Fear and frustration were prevalent among Fitbit owners after its pending acquisition by Google was announced. Given the tech giant’s recent privacy lapses, it’s tough to blame them.
Ask Amii mailbag: Steps to encourage employees to speak up
This edition of the Ask Amii mailbag offers tips on how to ensure your employees feel safe blowing the whistle, suggestions for encouraging collaboration, and advice for data managers on how to manage data ethically and responsibly in a segmented firm.
Survey: Consumers OK with retail privacy quid pro quo
Nearly three-fourths of respondents in a recent retail privacy survey said they are willing to share personal data in exchange for better pricing, special discounts, or exclusive offers.
Data protection compliance lessons from UniCredit breach
UniCredit announced its cyber-security team has identified a data breach that compromised the personal records of approximately three million clients in Italy, highlighting critical compliance lessons for those in the financial services industry.
Google facing privacy lawsuit from Australian regulator
Australia’s competition regulator has filed a lawsuit against Google for alleged misrepresentations regarding user data collected in relation to location services on Android devices.
Mastercard encourages unity with data privacy initiative
Mastercard is inviting other companies to join it in addressing individuals’ privacy rights with the launch of its Data Responsibility Imperative.
FTC proposes five amendments to NIST Privacy Framework
The FTC has submitted comment on NIST’s draft Privacy Framework, praising the agency for its proposal to help firms open a privacy dialogue and suggesting five amendments to improve upon the draft.
Seven takeaways: Privacy, Big Tech in spotlight at ICDPPC
The International Conference of Data Protection and Privacy Commissioners offered varying perspectives on the latest in data privacy and technology from the likes of regulators, experts, and campaigners.
Microsoft president: Tech companies must embrace privacy regs
At a recent data privacy event, Microsoft’s president and chief legal officer discussed the evolution of data protection rules and how new technology needs to better align with privacy regulation.
White paper: Committing to Data Privacy Compliance
California’s new data privacy law, The California Consumer Privacy Act of 2018 (CCPA), is ushering in a new era of consumer privacy protections in the U.S.
NIST provides guidance on how to bridge privacy, cyber-security processes
NIST’s new draft Privacy Framework offers much-needed guidance to help companies align their data privacy and cyber-security risk management practices.
Sen. Wyden introduces ‘strongest-ever’ privacy bill
Sen. Ron Wyden (D-Ore.) has introduced an updated version of his previously drafted data privacy bill that threatens jail time for executives at corporations that misuse Americans’ data.
White paper: Mitigate privacy risks and exploit valuable data
The new California Consumer Privacy Act (CCPA) takes effect on January 1, 2020. Ahead of this milestone – and with several States working on new data management regulations – many financial services organizations are concerned with the risks of non-compliance.
California governor gives nod of approval to 7 CCPA amendments
Amendments to the California Consumer Privacy Act add clarity, offer a BTB communication reprieve to businesses, and ensure consumers have a method for submitting more information requests.
California AG’s proposed CCPA regs leave more questions than answers
Companies subject to the California Consumer Privacy Act requirements now have 24 pages of direction on how to comply with the new law. But will that be enough?
Libra Association soldiers on after PayPal withdraws
PayPal leaving Facebook’s Libra project is just a bump in the road in the drive toward developing a global digital currency payments network, a Libra Association spokesperson says.
CCPA compliance costs projected to reach $55B
An economic impact assessment of California’s upcoming privacy law forecasts short-term disadvantages for smaller companies and emerging markets around compliance solutions and data-based product initiatives.
Webcast: Managing cookies for GDPR, CCPA compliance
As consumers’ awareness of the use of cookies and similar tracking technologies has begun to soar, global lawmakers and regulators have taken a keen interest in how companies are using website and mobile tracking – particularly in the area of consent. This has evidenced itself through enforcement actions, new EU ...