All Data Privacy articles – Page 42
-
Resource
The Elements of Privacy Risk – GRC Illustration
Organizations that handle personal information face increasingly complex challenges to effectively manage privacy risk and compliance. The impact of these challenges covers the entire information life cycle.Whether information is collected to support individual transactions, conduct research or meet legal requirements, the duty to keep that information secure and private arises. ...
-
Blog
Brainloop’s ITAR-Compliant Cloud Solution Now Available for SMBs
Brainloop, a provider of SaaS technology for the secure storage, collaboration, and exchange of confidential documents and files, announced that the ITAR-compliant Brainloop Secure Dataroom is now available for small to medium sized organizations.
-
Blog
BrandProtect Enters Into Reselling Agreement With Sayers
BrandProtect this week announced a reseller agreement with IT and security solutions consulting firm Sayers. Details inside.
-
Article
Preparing Your Board for Cyber-Security Oversight
Every board knows its company will fall victim to a cyber-attack and, worse, that the board will need to clean up the mess and superintend the fallout. This week, guest columnist John Stark, a long-time student of cyber-security risks, breaks down the fundamentals any board must establish for cyber-security, and ...
-
Blog
Why Is Cyber-Security a Process? This Is Why.
Image: Everyone stresses the importance of looking at cyber-security as a process. Well—why, exactly? How does viewing cyber-security that way help compliance and audit executives? Because, Compliance Week Editor Matt Kelly writes, cyber-threats are equally about building effective processes—to subvert yours. And until we appreciate the nature of cyber-risks, he ...
-
Article
Case Study: UCLA, Apps, and HIPAA Compliance
Companies that handle health information are subject to data privacy rules under HIPAA—rules that have grown more complex with the proliferation of mobile health applications (mHealth apps). Those that want to develop mHealth apps in a compliant manner have two options: Build a HIPAA-compliant application of your own, or buy ...
-
Article
NY Regulators Pose New Challenges to Compliance Officers
Image: The state of New York is muscling its way into financial regulation, with regulator Benjamin Lawsky proposing moves in anti-money laundering compliance far more bold than anything the feds are doing. Inside is a look at what the Empire State wants to achieve, and the potentially severe liability CCOs ...
-
Blog
Intronis Winter Release ‘15 Simplifies Hybrid Cloud Backup and Recovery
Intronis, a provider of backup and data protection solutions for the IT channel, this week announced the Winter Release ‘15 of its Intronis ECHOplatform. The Intronis Winter Release ’15 introduces several new business-building features and core functionalities designed to help channel partners better support more complex cloud, virtualized and physical ...
-
Article
Insurers Feel Fresh Heat on Cyber-Security Practices
Image: New York plan to bolster cyber-security oversight in the insurance sector, including regular, targeted assessments of cyber-security as part of its exam process. “Recent cyber-security breaches should serve as a stern wake-up call for insurers and other financial institutions to strengthen their cyber-defenses,” said New York Department of Financial ...
-
Article
An Insider Look at the EU’s Binding Corporate Rules
Companies that move data throughout Europe, or beyond its borders, face a long and exacting list of privacy and security demands. Some companies are choosing to take advantage of Binding Corporate Rules (BCRs), presenting their data compliance framework for approval by data protection authorities. BCRs, despite a lengthy approval process, ...
-
Blog
MetricStream Launches New Cyber-Security Hub
Unified Compliance, developer of the Unified Compliance Framework, and MetricStream, a provider of GRC apps, plan to launch through a joint initiative a new cyber-security hub via MetricStream’s portal ComplianceOnline.com, a GRC advisory network and online community. The cyber-security hub will consolidate and connect all major cyber-security requirements in a ...
-
Article
When State Attorneys General Come Knocking
Sometimes a sheriff arrives from the federal government to take an enforcement action against your company, and sometimes a posse of state attorneys general follow behind, determined to investigate you too. Such is the case for JP Morgan, now being pressed by 19 states for more detail on its massive ...
-
Blog
Anthem Discloses Huge Data Breach
Health insurer Anthem said hackers gained unauthorized access to its IT systems and stole personal information relating to tens of millions of current and former members and employees. Calling it a “very sophisticated external cyber-attack,” Anthem CEO Joseph Swedish said the breach does not appear to have compromised credit card ...
-
Article
SEC, FINRA Dropping Hints on Risk
Compliance officers looking to read some tea leaves about what worries the Securities and Exchange Commission these days might want to skim the 2015 exam priorities that the SEC and FINRA have posted. That guidance applies foremost to financial firms, but “it’s only a matter of time before they require ...
-
Blog
AvePoint Compliance Guardian SP 3 Helps With Data Loss Prevention
AvePoint, a provider of enterprise-class Big Data management, governance, and compliance software solutions for next-generation social collaboration platforms, has announced the general availability of AvePoint Compliance Guardian Service Pack (SP) 3. Compliance Guardian mitigates privacy, information security, and compliance risks across your information gateways with a comprehensive risk management process ...
-
Article
Latest PCI Standard Pushes Toward Risk Management
Image: Version 3.0 of the PCI Data Security Standard goes into effect this month—and maybe, just possibly, it will strengthen companies’ discipline against credit card data theft. The new standard prods companies to approach security as a continuous risk monitoring duty. “You can’t have smooth implementation until you start to ...
-
Blog
ECI Launches New Data Security Solution, PayArmor
Electronic Commerce International, a payment processing solutions provider, today announced the launch of PayArmor, a new way for companies to protect customer data from cyber criminals. PayArmor is a multi-layered suite of security and compliance services built to safeguard businesses against fraud, credit card data security breaches and to ...
-
Blog
Another Step Forward in Tackling Cyber-Security Risk
Image: Dec. 31—COSO’s Internal Control — Integrated Framework talks a good game about being useful beyond financial reporting risks, but Compliance Week Editor Matt Kelly has always wondered how that works in practice. Then came a nifty piece of guidance: a taxonomy of operational risks in cyber-security, published by the ...
-
Podcast
Podcast: Navigating the Pitfalls of Geolocation Data
Uber, Snapchat, and Golden Technologies are the latest companies to come under fire for how they use the geolocation data they colect from their customers. In this week’s podcast, we talk to Fernando Bohorquez, a partner at the law firm BakerHostetler who specializes in privacy and data security issues, about ...
-
Blog
Sony, Lesson 1: Communication Breakdown
Image: The lessons from Sony’s surrender to North Korean hackers last week are too many to count right now, so let’s start with an immediate one: understand the risks your company creates with its communication habits, and enforce smarter business practices to change them. Easy enough to say, Compliance Week ...