The FTC has extended the deadline for commissioners to make a ruling on whether to affirm or overturn an initial decision last year by an FTC administrative law judge to dismiss a data security case against cancer testing lab LabMD.
Apple is building "differential privacy" into iOS 10 to try and block attempts to identify or track individual users based on their behavior, keyword searches or other activities. But will the functionality perform as advertised?
A settlement between the Federal Trade Commission and Practice Fusion, an electronic health records system vendor, serves as a reminder that regulations other than HIPAA apply to protecting patient privacy, says attorney Adam Greene, a healthcare regulations expert.
The HHS Office for Civil Rights, which enforces HIPAA, is urging healthcare organizations and business associates to take steps to better address vulnerabilities in third-party software applications that pose a risk to patient data security.
Is SWIFT now playing good cop/bad cop? While it initially promised to not police the financial services industry, it's now considering training auditors and suspending banks found to have poor information security practices.
ISMG editors, in a special report, examine the status of data breach notification laws in a number of regions, including the European Union, which this past week implemented the General Data Protection Regulation, although enforcement won't take place for two years.
Since California passed its pioneering data breach notification law in 2003, many other states and some countries have followed suit. Here's a closer look at the status of breach notification requirements in four regions.
Troy Hunt, who runs one of the most prominent services for discovering if your data has been exposed in a breach, shares his thoughts on LinkedIn's recent breach and how his approach to disseminating data breach details continues to evolve.
Start preparing immediately for the EU's new General Data Protection Regulation - even though it doesn't go into force for two more years - because it mandates a number of new privacy and security requirements, warns cybersecurity expert Brian Honan.
After years of debate, the EU's General Data Protection Regulation has finally passed. What impact - if any - will the GDPR have on business and future legislation in India? Security experts weigh in on this debate.
The College of Healthcare Information Management Executives is calling on Congress to create financial incentives for healthcare providers to boost their cybersecurity. Leslie Krigstein of CHIME offers examples of potential incentives in this in-depth audio report.
LinkedIn failed to force all users to reset their passwords after a 2012 breach of at least 6.5 million credentials came to light. But it turns out the breach actually compromised 167 million accounts. Whoops.
Neither Australia nor New Zealand currently has laws on the books requiring organizations to notify people affected by data breaches. But both countries do say they are committed to introducing that requirement.
The manufacturers of wearable health devices should incorporate key privacy and security best practices into the R&D of their products, says privacy advocate Michelle De Mooy of the Center for Democracy & Technology, who describes recommendations in a new study.