Privacy by design: How to lower risk and improve outcomes
Amy Holcroft, chief privacy officer at Hewlett Packard Enterprise, shares her experience using privacy-by-design practices to help her company develop and utilize technology in a way that meets compliance requirements.
CPE Webcast: Elevating your compliance program with technology
Compliance leaders are always on the lookout for innovative ways to keep up with the dynamic risk and regulatory landscape. The efforts revolve around a common theme—integrating technological breakthroughs to achieve intelligent automation and ensure future-readiness of their compliance program.
Can compliance keep pace in a rapidly changing digital world?
In a rapidly changing digital world, thinking around compliance needs reframing. The question today is whether compliance can stay ahead of the curve.
Ask a CCO: Are you in favor of federal data privacy legislation?
It’s a clean sweep: All five CCOs we spoke with are in favor of U.S. federal data privacy legislation. Read on for the reasoning behind their answers.
‘An invaluable asset’: Participants praise opportunity for feedback via GDPR sandboxes
Regulatory sandboxes launched by EU data protection authorities provide firms the opportunity to collaborate and make use of the regulator’s expertise to reduce GDPR compliance risks.
Ask a CCO: How has your company prioritized data privacy compliance?
Five senior compliance practitioners tell us how their companies have reacted to recent privacy legislation like the GDPR, CCPA, and other state regulations in the pipeline.
Ask a CCO: What’s your strategy for preventing and detecting data breaches?
Five senior compliance practitioners outline their strategies for protecting their firms from data breaches.
Ask a CCO: How is your company reacting to cyber-risks introduced by COVID-19?
Five senior compliance practitioners tell Compliance Week how their organizations are reacting to new cyber-threats introduced by the pandemic.
Ask a CCO: What’s your role in creating/implementing cyber-security policies?
Five senior compliance practitioners share insights on their roles in implementing and overseeing cyber-security policies and procedures.
CPE Webcast: Workflow automation: Using AI in ethics & compliance programs
Artificial Intelligence is no longer a SciFi concept. With increasing adoption across corporations for workflow automation, AI elicits a lot of reactions ranging from trepidation to excitement, along with deep discussions on risks and bias.
EDPS opinion puts targeted advertising in crosshairs
The EU’s chief data regulator says planned regulations to oversee the tech sector should be tightened further to ban targeted advertising based on tracking online activity—an opinion that could prompt Big Tech and adtech firms to lobby hard against the changes.
Survey: Firms enhanced cyber-security in 2020, but not enough
Companies forced to pivot to remote work in a global health crisis spent the bulk of 2020 grappling with heightened cyber-security risks. A year later, compliance practitioners say their companies’ cyber-security postures are better for it—even in the wake of the stunning SolarWinds hack.
White paper: A Next-Generation Approach to KYC
Although crucial to the success and safety of customer onboarding, implementing and maintaining a successful KYC program can sometimes create an overwhelming administrative burden. Additionally, navigating manual verification methods is costly and prone to inaccuracy, creating greater risk of customer turnover and lost revenue.
The great privacy race? Apple, Facebook pitch data transparency
Apple and Facebook, two of the world’s most powerful companies, are jockeying over how transparent to be with their customers on whom they share users’ personal data with and what they do with it.
Survey: Pandemic pervades executives’ top 10 risks for 2021
The aftermath of the coronavirus pandemic dominates the top risks that will keep boards of directors and executive management teams on their toes in 2021, a new survey by Protiviti and NC State’s ERM Initiative finds.
SolarWinds hack turning into Pandora’s box of cyber-risk
The more we learn about the SolarWinds hack, the more troubled compliance officers should be by the scope and breadth of the risks their companies might have incurred.
Incoming IIA chief Anthony Pugliese to prioritize technology, D&I
Compliance Week caught up with Anthony Pugliese, the incoming president and chief executive officer of the Institute of Internal Auditors, to discuss his plans for the future of the IIA and the internal audit profession at large.
Spain, Italy setting new standard for GDPR enforcement
While big fines against big companies make headlines, Spain and Italy have flown under the radar as two of the most frequent enforcers of the GDPR, instead primarily focusing on smaller penalties. Might other countries follow suit?
My Compliance Library: ‘Can You Hear Me?’ a guide for virtual connections
You might not have thought you needed it, but Nick Morgan’s “Can You Hear Me?” provides some valuable advice for getting the most out of your daily virtual meetings and conversations.
CPE Webcast: Machine learning leads next-gen battle against financial crime
The complexity and pervasiveness of financial crime continues to challenge compliance functions. Machine learning can significantly bolster the efficiency and effectiveness of the function when implemented correctly, yet many financial institutions have had limited success in deploying it.
Psychology of compliance: Counteracting bias in technology
Counteracting bias is part of the compliance officer job description, and now more than ever is it important for that duty to extend to new business technologies being implemented.
Surveys: Rushing technology decisions comes with big compliance risks
Embracing technology to help manage risk and improve efficiencies is a trend that’s been developing in the compliance space for a while, but the pandemic has fast-tracked the urgency behind it, according to a couple of recent surveys.
German laptop retailer fined $12.7M under GDPR for employee surveillance
A German data regulator fined an online laptop and electronic goods retailer €10.4 million (U.S. $12.7 million) for video-monitoring employees for at least two years without legal basis.
Learning from SolarWinds: Five steps to fortify your cloud supply chain
For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.
Cyber-security lessons from the SolarWinds hack
The lessons from the massive SolarWinds hack on where vulnerabilities still lurk in the third-party vendor supply chain cannot be grasped soon enough.
Video: Twitter GDPR fine too little or just right?
Aaron Nicodemus and Dave Lefort debate whether the Irish Data Protection Commission’s €450,000 (U.S. $547,000) fine against Twitter under the GDPR is an appropriate figure or way too small for the social media company.
FinTech darling Robinhood fined $65M for misleading customers
Mobile trading app provider Robinhood Financial, which has become a disruptive force in the stock market, has agreed to pay $65 million to the SEC to settle charges of misleading customers about how it makes money and for failing to secure best sale prices.
Best practices for customized digital compliance training
Today’s volatile market, coupled with the increasing willingness of subject matter experts to collaborate, changes the game in some areas, where “build” starts to make more sense than “buy.” One area is digital compliance training.
FTC data requests could pave way to federal privacy law, experts say
FTC requests issued to nine social media and video streaming services for information about how they collect and use personal information could be a step toward the U.S. government enacting federal privacy legislation.
Twitter’s tiny $547K GDPR fine leaves many scratching their heads
Ireland’s first major decision against a Big Tech company under the GDPR has stirred controversy as the country’s data regulator hit Twitter with an underwhelming €450,000 (U.S. $547,000) fine for a 2018 data breach.
Regulators catching up on use of analytics; compliance better take notice
If your company isn’t making optimal use of data to enhance its compliance program, now is the time to start—before it’s too late.
Ask a CCO: How to meet data analytics expectations of both board and regulators
Six senior compliance practitioners share some big-picture thoughts on how their companies are using data within the context of regulators’ increased expectations in the area.
France sidesteps GDPR in fining Google, Amazon $163M combined
Data privacy watchdog CNIL utilized the French Data Protection Act in fining Google and Amazon a combined €135 million (U.S. $163 million) for illegal cookie practices, sidestepping the “one-stop shop” provision of the GDPR.
Five challenges for European CCOs heading into 2021
Many of the problems European compliance officers faced in 2020 will remain in place going into the new year, but new risks and new regulations will also present new challenges.
Top ethics and compliance failures of 2020
From a massive accounting fraud scandal in Germany to deceitful consumer tactics among China-based companies to unethical practices on the environmental front in the United States—CW’s list of the top ethics and compliance failures of 2020 spans the globe.
Five compliance triumphs from 2020
CW reveals its list of five compliance wins from the year, including Samsung for its honesty, Volkswagen for successfully wrapping up its monitorship, 3M for stellar ethics, and more.
Trio of U.K. fines expose third-party risks under GDPR
Recent GDPR fines against British Airways, Marriott, and Ticketmaster by the U.K. Information Commissioner’s Office each saw the regulator dismiss claims by the companies that third parties were primarily responsible for the data breaches in question.
CPE Webcast: Eliminate payment fraud and corruption: power of AI and compliance expertise
Accounts payable, procurement, and travel and expense-management processes are common channels to route frauds making organizations susceptible to regulatory penalties, reputational damage, financial loss, and even prosecution.
White paper: Addressing the hidden cost of embedding open source software
The digital economy has created a need in the world of software development to find new ways of delivering innovative software solutions and software updates faster than ever before. Development teams are—understandably so—increasingly using open source software.
Cryptocurrency’s future: What compliance needs to know
Cryptocurrency is complicated, but it’s not going away anytime soon. David Povey of the ICA takes a look at what regulators are trying to do and offers tips on where compliance officers can go to study this complex topic further.
Survey: Machine learning will (eventually) help win the war against financial crime
While the war against financial crime wages on, machine learning and artificial intelligence may give financial institutions the upper hand, according to a recent survey.
e-Book: Machine learning will (eventually) help win the war against financial crime
This e-Book, from Compliance Week and Guidehouse Inc., explores how the adoption of machine learning in fighting financial crime will likely explode as technology solutions become more effective and efficient—driven by work-stream prioritization, product maturity, and refinement of implementation processes.
CPE Webcast: Harnessing power of data analytics to meet compliance obligations
The updated DOJ guidance on the evaluation of compliance programs emphasizes the importance of obtaining, tracking, and acting on compliance-relevant data.
California voters approve creation of new state agency to enforce CCPA
California voters approved a ballot measure that will add new layers of responsibility for businesses attempting to comply with the state’s first-in-the-nation data privacy law, the California Consumer Privacy Act.
Choose your ending: What to do when your systems are hacked and ransom is demanded
What should you do if your firm is hit by ransomware? Choose your own ending to this tale about a clinic, a criminal, and coronavirus to learn the risks and rewards of each choice.
Corrective action could trump fines as GDPR evolves
Experts discuss whether EU data protection authorities would be better served using corrective actions other than eye-watering fines to encourage companies to commit to best (and legal) GDPR practices.
U.S. agencies get nod for using data, smart incentives in enforcement
Both the CFTC and CFPB “Nailed It” this week while corporate heavyweight General Electric found itself in more trouble.
‘Audit in Action’: BDO partner shares data analytics journey
Brian Miller, national partner of audit transformation and innovation at BDO USA, talked with Compliance Week about how the pandemic has driven adoption of technologies by BDO’s auditors.
Ask a CCO: What will compliance look like in 5 years?
We asked nine prominent chief compliance officers to look into their crystal balls, and all of them saw data and advanced technology playing a larger role in the future of the profession.
Five ways the pandemic has changed compliance—perhaps permanently
It’s a good thing you’re all experts in partnering for change, as more than 3 in 4 of you think COVID-19 will have a permanent impact on some compliance functions.