When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption. But that approach no longer suffices, says First Data's Tim Horton, who calls for a new multilayered defense.
A newly disclosed collaboration between Google and the massive Ascension healthcare system that the partners say is designed to improve patient care is raising serious privacy concerns. That's because the project involves Ascension sharing with Google data on millions of its patients - without their permission.
Microsoft will apply the core rights of the California Consumer Privacy Act across all its customers in the U.S., which could nudge other technology companies in the same direction as online privacy becomes an increasing concern. The move is significant in that the technology industry has lobbied against parts of the...
Many companies around the world that accept card payments are failing to continually maintain compliance with the PCI Data Security Standard, according to the new Verizon 2019 Payment Security Report. Verizon's Rodolphe Simonetti, who contributed to the report, explains the findings.
One key step for preparing to comply with the California Consumer Privacy Act, which goes into effect in January, is determining how best to verify the identity of users, say two leaders of the Sovrin Foundation, who discuss the key issues.
The EU's General Data Protection Regulation rewrote the rules of the data privacy and breach notification game when it went into full effect last year. Now, however, numerous organizations are revisiting and refining their GDPR compliance efforts around preparation and remediation, says PwC's Polly Ralph.
Data privacy discussions must focus not just on collecting, storing and securing data, but also the impetus for doing so - and whether it is being done in an ethical manner, says consultant Thom Lagford, a former CISO, who addresses GDPR compliance issues.
In June, I wrote an in-depth story about how millions of Instagram users worldwide under 18 years old were exposing their email addresses, phone numbers or both. Instagram has finally made a change to address the issue - but it doesn't go far enough.
In December, PCI SSC plans to publish a new standard for solutions that enable "tap and go" transactions on merchant smartphones and other commercial off-the shelf mobile devices. Troy Leach, the council's CTO, offers insights on the role the standard will play in enhancing security for smaller merchants.
The latest edition of the ISMG Security Report offers an analysis of how Twitter allegedly was used to spy on critics of the Saudi Arabian government. Also featured: A preview of the new NIST Privacy Framework and an update on business email compromise attacks.
Alleged Capital One hacker Paige A. Thompson has been released from prison and will stay in a halfway house until her trial in federal court next year. Prosecutors allege that Thompson stole over 100 million records from the bank earlier this year.
By year's end, the National Institute of Standards and Technology should be ready to publish the first version of its privacy framework, a tool to help organizations identify, assess, manage and communicate about privacy risk, says NIST's Naomi Lefkovitz, who provides implementation insights.