Corrective action could trump fines as GDPR evolves
Experts discuss whether EU data protection authorities would be better served using corrective actions other than eye-watering fines to encourage companies to commit to best (and legal) GDPR practices.
U.S. agencies get nod for using data, smart incentives in enforcement
Both the CFTC and CFPB “Nailed It” this week while corporate heavyweight General Electric found itself in more trouble.
‘Audit in Action’: BDO partner shares data analytics journey
Brian Miller, national partner of audit transformation and innovation at BDO USA, talked with Compliance Week about how the pandemic has driven adoption of technologies by BDO’s auditors.
Ask a CCO: What will compliance look like in 5 years?
We asked nine prominent chief compliance officers to look into their crystal balls, and all of them saw data and advanced technology playing a larger role in the future of the profession.
Five ways the pandemic has changed compliance—perhaps permanently
It’s a good thing you’re all experts in partnering for change, as more than 3 in 4 of you think COVID-19 will have a permanent impact on some compliance functions.
Companies face greater risk as GDPR class actions emerge
In the past month three of the world’s largest tech firms have been hit with legal actions that could lead to billion-dollar damages suits for alleged violations of the GDPR. Neil Hodge explores the trend and what to expect moving forward.
U.K. lawsuit seeks $3.2B from YouTube for violating children’s privacy
A first-of-its-kind lawsuit in the U.K. alleges YouTube unlawfully collects personal information from children without parental consent and harvests their data for advertising purposes, in violation of British and European data privacy laws.
Gut instinct keeps humans ahead of AI in fight against financial crime
As artificial intelligence evolves and takes on new tasks, whether it can develop the instinct of an experienced compliance professional will be key to its prevalence in the AML world, writes Martin Woods.
Ireland’s order to Facebook to halt data transfers could have ‘profound’ impact
The Irish DPC’s order to Facebook to halt the transfer of European citizens’ personal data to the United States could pose operational and legal challenges that set a precedent for not only other tech giants, but companies generally.
CPE Webcast: Debunking myths of AI & ML in TPRM technology
This webinar debunks the myths of AI and ML in third-party risk technology and drills into reality with a pragmatic application of how your data can be harnessed to support various risk management use cases.
White paper: AI-enabled real-time T&E audit analytics to drive compliance and reduce spends
Your company may be spending less on travel and entertainment expenses, but the risk of fraud and regulatory non-compliance is spiking. Without proper safeguards in place to manage T&E spend – a major operating expense – companies face costly consequences.
Credit social media giants for prepping for election chaos
Silicon Valley’s social media heavyweights deserve a nod for “war-gaming” potential misinformation scenarios in advance of November’s elections, while McDonald’s again finds itself on our “Not Lovin’ It” list.
Age of Learning to pay $10M for billing practices; ‘digital deception’ a trend?
The company that runs ABCmouse Early Learning Academy found itself in the FTC’s crosshairs for what the Commission alleges are unfair billing practices that are part of a wider problem across the internet.
CPE Webcast: Capturing, managing communications data in modern enterprise
Today’s employees and customers generate a lot of communications data, in a lot of formats and in a lot of locations, from computers and on prem servers to mobile devices and the cloud.
Survey: Automating entity management greatly reduces compliance risk
A new study from Compliance Week and Diligent finds that many companies are still using unsecure and inefficient entity management processes, leaving them vulnerable to compliance risk.
Q&A: New training takes compliance leaders on ‘non-technical’ cyber-journey
A new training offered by renown expert Paul C. Dwyer helps non-technical practitioners gain confidence in dealing with all aspects of cyber-security or cyber-risk.
Clash over draft Twitter GDPR decision exposes differences among EU authorities
As Ireland’s first GDPR decision against Big Tech hangs in limbo, experts are scratching their heads as to why a seemingly straightforward case is headed to the EU’s data governing body to rule on.
Google promotes veteran legal exec to general counsel
Embroiled in a federal antitrust investigation, tech giant Google announced the appointment of Halimah DeLaine Prado as its new general counsel.
How far is too far with employee monitoring? Barclays case could offer litmus
The U.K. Information Commissioner’s Office is investigating allegations that Barclays Bank had effectively been spying on employees by using an intrusive software system that monitored workers’ activity.
Trump’s TikTok crusade a hollow win for privacy
There’s no questioning the need to protect the data of U.S. citizens from China, but it’s naïve to think pressuring TikTok to take up a U.S. owner is anything more than a hollow victory given our lack of federal oversight in the area of privacy.
e-Book: Artificial intelligence: Risks and benefits for compliance
Artificial Intelligence (AI) tools are being deployed in numerous areas by financial institutions and broker-dealer firms.
Oracle, Salesforce targeted in class-action GDPR lawsuits
A European privacy group is pursuing multiple class-action lawsuits against Oracle and Salesforce for alleged violations of the EU’s General Data Protection Regulation, estimating damages sought could exceed €10 billion (U.S. $11.9 billion).
CPE Webcast: Future-proof your global supply chain with data & analytics
The COVID-19 pandemic has certainly changed the landscape of global risk, and many organizations are quickly adapting their third-party risk management processes as a result.
Without guidance, U.S. companies in limbo after Privacy Shield scrapped
Despite a recent court ruling to scrap the EU-U.S. Privacy Shield, the program is apparently still alive and well in the United States. It’s time to move on, writes Aaron Nicodemus.
Twitter could face up to $250M FTC fine for misuse of data
Twitter disclosed in a regulatory filing that it could face fines of up to $250 million by the Federal Trade Commission for misusing people’s personal information for advertising purposes.
Five tips for EU-U.S. data transfers post-Privacy Shield
As the fallout from the demise of the Privacy Shield continues to play out, here are a handful of steps companies can take to protect themselves from potential GDPR violations when transferring data between the European Union and the United States.
What do FIFA chief, ‘Florida man,’ and Trump have in common? All Failed It this week
The lesson in this week’s edition of “Nailed It or Failed It?” is the more things change, the more they stay the same.
IBM report: Average data breach cost nearly $4M in past year
An IBM report that examined more than 500 cyber-security breaches occurring between August 2019 and April 2020 found the average breach costs companies $3.86 million and requires nearly 300 days to identify and contain.
CPE Webcast: Digital transformation & cyber risk: What you need to know
Join Larry Ponemon, founder of Ponemon Institute, and Dave Stapleton, CISO of CyberGRX, as they discuss the impact digital transformation is having on cyber-security and some best practices you can implement to better protect your organization.
White paper: Smart Content Governance - Unleash the Power of the Modern Cloud-based Office
Now more than ever, companies need strong data governance that can be applied across multiple repositories, apps, and devices, no matter where work gets done.
Companies paying price for EU-U.S. Privacy Shield removal
The legal and financial burden for companies to comply with the recent ruling to invalidate the EU-U.S. Privacy Shield might actually be worse than first thought, if an FAQ from the European Data Protection Board is any indication.
Twitter cyber-attack should be wake-up call for firms
The recent cyber-attack directed at Twitter was the online equivalent of an explosive device being detonated. The ICA breaks down lessons learned from the hack and what firms can do to enhance their cyber-security controls.
How Twitter got hacked, and what you can learn from it
Twitter just suffered the biggest cyber-attack in its history. But is it being set up for something bigger? We explore that possibility and much more.
Europe’s top court strikes down U.S.-EU data transfer rule
In a surprise decision that will have a major impact on trans-Atlantic data transfers, Europe’s top court ruled Thursday that a mechanism used by thousands of companies to send data to the United States is unlawful.
Nailed It or Failed It? Twitter’s meltdown exposes major vulnerability
In this week’s “Nailed It or Failed It?”, we reflect on the most troubling aspect of Wednesday’s giant Twitter hack while giving Wells Fargo a rare kudos for being good corporate citizens.
Giant Twitter hack impacts Joe Biden, Barack Obama, Bill Gates, others
Perhaps the biggest Twitter hack of all time was perpetrated Wednesday against such notable figures as Joe Biden, Bill Gates, Elon Musk, former President Barack Obama, and Jeff Bezos, among others.
Study: U.S. largest target for ‘significant’ cyber-attacks
The United States has been on the receiving end of more significant cyber-attacks over the last 14 years than triple any other country, according to new research.
What regulators want to know about KYC technology
So, your company has decided to embark on an update of its legacy Know Your Customer system. Hear from experts on how to begin the process of onboarding that tech to the regulators.
Ask Amii mailbag: What to do when back-to-work guidance falls to you
Executive coach Amii-Barnard Bahn offers some tips for when your compliance title morphs into “Chief Public Health Officer,” plus ways to highlight the compliance function at your company and more.
Market forces, not regs, leading the charge for data privacy
Data privacy is about to become a more tangible concept to Americans not due to regulation like the CCPA, but because the most influential brand in the nation is making it a pillar of how it does business.
Ireland’s GDPR report shows it’s yet to hold Big Tech accountable
The Irish Data Protection Commission review of its GDPR investigations has come under fire for ignoring Big Tech and lacking information pertinent to inquiries into firms like Apple, Facebook, Google, and more.
Experts: CCPA enforcement will prioritize children’s privacy, digital marketing
What will enforcement of the California Consumer Privacy Act look like at first? Experts offer their take, in addition to providing guidance for companies still not in compliance with the landmark legislation.
CPE Webcast: Key privacy considerations for getting back to business
Throughout the pandemic, technology will play a critical role as businesses adapt to this “new normal.” One strategy industries will rely on to provide employees and consumers with peace of mind is the use of temperature screening technology.
FTC stumps for additional resources to police privacy
The FTC says it would consider creating three new units to pursue privacy enforcement investigations if Congress would increase its full-time employee headcount.
French court upholds Google’s $57M GDPR fine
The top administrative court in France shot down Google’s appeal of a €50 million (U.S. $57 million) fine the tech giant received last year for violations of the EU’s General Data Protection Regulation.
DOJ proposes rollback of legal shields for Twitter, Facebook
The Department of Justice has proposed a series of rollbacks of protections for online platforms that would encourage them to police their content.
Report slams ‘woefully lax’ cyber-security controls at CIA
Cyber-security protections deployed for some of the nation’s most secret data was “woefully lax,” according to a 2017 intelligence brief that detailed shortcomings at the CIA following the agency’s 2016 data breach.
Contact tracing app development stunted by inaction in Congress
As federal officials dicker over details in a federal data privacy law, the coronavirus continues to spread. Development of a key technological tool in the fight is being kneecapped by their inaction.
Report: AI tools carry many benefits, some risks for securities industry
A study on the use of artificial intelligence in the securities industry by FINRA found a number of challenges with the technology—data bias, customer privacy, and cyber-security among them—but noted it can offer “significant benefits.”
Data broker lawsuit involving ZoomInfo could provide CCPA enforcement insight
As the July 1 enforcement deadline of the California Consumer Privacy Act inches closer, a recently filed lawsuit between two data marketing firms may shed light on the efforts companies must take to comply with the new law.