Compliance Data Security

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory... more +
Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations.  In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -
News & Analysis as of

$750,000 Settlement Agreement Reiterates Importance of HIPAA Security Rule Compliance

On September 2, 2015, the U.S. Department of Health and Human Services ("HHS") announced that it had entered into a Settlement Agreement with an Indiana-based medical practice for alleged violations of the Health Insurance...more

Russia’s new data law

Russia’s new Data Localisation Law went live yesterday on 1 September. Many companies with operations in Russia are scratching their heads about how to comply. The Basics - The new law applies to businesses with a...more

9 Key Provisions of Outsourcing Contracts That Matter

Outsourcing, whether technical or process-centric, has become an increasingly important component of businesses of all sizes. Handing over the complexity of ever-changing systems that require increasing expertise can often...more

Privacy & Cybersecurity Update - August 2015

Third Circuit Affirms FTC’s Authority Over Cybersecurity: In the Wyndham case, the Third Circuit affirmed that the FTC has the authority to regulate cybersecurity under Section 5 of the FTC Act, and that the language of...more

Think Big Picture – minimize corporate export compliance risks while protecting your information security

Recently I have attended several cyber security conferences. What I have learned about protecting information has changed how I view export controls. Senior management and board members should think about the big picture as...more

Under the Thumb: Regulatory Compliance When Outsourcing Cybersecurity Management

Managed security services are often a natural “add-on” when outsourcing IT services given that data protection is integral to application development, software as a service, and cloud storage, among other services. More...more

New Guidance for Financial Institution Directors and Officers In Cybersecurity Preparedness

Earlier this summer, the Federal Financial Institutions Examination Council (FFIEC) released its highly anticipated Cybersecurity Assessment Tool (Assessment), which is designed to assist financial institutions in identifying...more

The Fourth European Union Anti-Money Laundering Directive and Its Effects on Financial Institutions Operating in the EU

The Fourth European Union Anti-Money Laundering Directive (Fourth AML Directive), approved by the European Parliament on May 20, 2015, went into effect on June 25, 2015, repealing the 2005 Third AML Directive. Given the...more

Seventh Circuit rules hospital system is not a Consumer Reporting Agency under FCRA

Is a hospital a “consumer reporting agency”? Can a health care provider be liable under the Fair Credit Reporting Act (FCRA) in the event of a data breach? The Seventh Circuit Court of Appeals recently considered these...more

FTC settles false safe harbor allegations with thirteen companies

The FTC has made it clear over the past year that it is serious about companies’ compliance with the US-EU and US-Swiss safe harbor programs, and has publicly stated that it is randomly reviewing company websites to ensure...more

OMB Issues Guidance on Government Contractors’ Cybersecurity Systems

The Office of Management and Budget (OMB) released a draft guidance document on Aug. 11, 2015, titled “Improving Cybersecurity Protection in Federal Acquisitions” (the “OMB Guidance”). The OMB Guidance instructs agencies on...more

The ABCs of COPPA Compliance

In today’s environment – when data breaches seem to be in the news nearly every day – the media, regulators and many others are hyper-focused on privacy issues. Schools and educational institutions are no exception when it...more

California, Nevada Expand Scope of Customer Personal Information Subject to Reasonable Security Measures

Recent statutory amendments passed in California and Nevada expanding the definition of “personal information” will significantly impact the security measures businesses operating in these states must implement when handling...more

The key to information governance success lies within the framework

There is no secret sauce to achieving information governance nirvana. The reality is someone must take ownership of an organization’s information governance program. The industry as a whole has been discussing organizations...more

SEC Issues Final Rule on Pay Ratio Disclosure

Nearly two years after issuing the proposed rule, the U.S. Securities and Exchange Commission (SEC) on August 5, 2015, adopted by a 3-2 vote, the final rule on CEO-to-median employee pay ratio disclosure in what has become...more

The Big Move Toward Big Data in Employment

The world of Big Data has arrived, and it is beginning to affect employers and their decision-making in ways undreamed of even a few years ago. Employers can access more information about their applicant pool than ever...more

Comptroller Talks Interest Rate, Compliance, and Cybersecurity Risks Facing Financial Institutions

On July 24, OCC Comptroller Curry delivered remarks before the New England Council in Boston, MA regarding the risks that financial institutions face today. Rising interest rates and regulatory compliance were two of the...more

HIPAA Security Requirements Aren't Cloudy, Especially to Whistleblowers

Earlier this month, the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) announced that it had entered into a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton,...more

Legal Issues Business Leaders Need to Know in 2015: Top 10 Checklist

A compilation of time-sensitive and trending legal and regulatory issues that general counsels and business leaders should be aware of in 2015. Employers Should be Aware of Multigenerational Workforce Risk - For...more

HIPAA Settlement Regarding Use of Internet Applications

On July 10, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton, Massachusetts, regarding potential...more

Connecticut Imposes New Data Security Obligations

New law will require consumer breach notice within 90 days, identity theft protection for consumers,“kill switch” for smartphones, and implementation of data security programs for certain health providers, state agencies and...more

OCR Enforcement Trends

On April 27, 2015, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a resolution agreement with Cornell Prescription Pharmacy (CPP) pursuant to which CPP paid a $125,000...more

Federal Trade Commission Targets Organizations with Expired U.S.-EU Safe Harbor Certifications

Organizations in the United States that certify to the U.S.-EU Safe Harbor Framework to transfer and receive personal data about residents of the European Union must annually reaffirm to the U.S. Department of Commerce that...more

Employee Benefits Developments - April 2015

Health Insurance Company’s HIPAA Breach Affects Millions. At the end of January, a national BlueCross BlueShield affiliate, Anthem, Inc., discovered that its information technology systems were hacked. The information...more

24 Results
|
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×