Compliance & Risk Management

What China's New Cybersecurity Law Means for You

The Chinese government has just passed a cybersecurity law that has broad implications for international businesses. The move comes with great criticism, with some calling the law “draconian” and “abusive” while others note the law is “vague” enough to spark worries of “censorship and espionage.” The legislation was passed on Monday, set to take effect in June 2017.

Move to Counter Hacking and Terrorism

The Chinese government adopted the...

Is Your Data Breach Response Plan Effective?

We’ve posted many times about the importance of having a data breach response plan in place. Indeed, the FTC just released its own guidance on data breach response. A new study, however, demonstrates that “having a response plan is simply not the same as being prepared,” particularly if that response plan is not kept up to date.

New Ponemon Survey

Ponemon surveyed 619 executives and staff employees who work...

Security in the Cloud Requires Visibility

There is a rapid enterprise movement toward the cloud, and yet such movement has remained uncoordinated. Gartner estimates that less than one-third of enterprises have a documented cloud strategy. This has led to an explosive growth in Shadow IT and Shadow data as well as application development that is uncoordinated and inefficient. When it comes to the current security landscape, Gartner research has identified that SaaS applications are often...

FTC Asserts Independent Authority Over HIPAA-Covered Entities

The Federal Trade Commission (FTC) and the Office for Civil Rights (OCR) have jointly released a guide on the importance of complying with both HIPAA and the FTC Act. The guide reminds healthcare organizations to comply with both regulations as investigations or fines for non-compliance are assessed independently by each agency. The document re-asserts the FTC’s authority over HIPAA-covered entities. It is yet another instance where the FTC is...

PCI Security Standards Council Cements Position on Executive Responsibility for Data Security

The PCI Security Standards Council (SSC) recently compiled some resources on how to create a Culture of Cybersecurity. These resources reflect changes made to the PCI Data Security Standards (DSS) that require executive responsibility for data security. The PCI SSC regularly updates its standards based on feedback from the PCI Council’s more than 700 global participating organizations as well as data breach report findings and industry changes. The most recent release...
