Is there anything better than being offered one year of "free" identity theft monitoring? Regularly offered with strings attached by organizations that mishandled your personal details, the efficacy and use of such services looks set for a U.S. Government Accountability Office review.
The massive data breach suffered by Equifax in 2017 "was entirely preventable," according to a report released by the House Oversight Committee's Republican majority. Some Democratic lawmakers have slammed the report for failing to advance legislative or oversight changes to help prevent breaches.
The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the public.
The Financial Services Sector Coordinating Council recently unveiled the Cybersecurity Profile - a framework that integrates widely used standards and supervisory expectations to help financial institutions develop cyber risk management programs. Josh Magri of the Bank Policy Institute outlines key elements.
Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software.
Understanding where data is stored so it can be protected, overcoming security misconfiguration and improving vendor management diligence are three top challenges for healthcare organizations, says Chris Bowen of ClearDATA.
An update on the hacking of email accounts of four senior aides within the National Republican Congressional Committee leads the latest edition of the ISMG Security Report. Also featured: An analysis of when the first major fines for violations of the EU's GDPR could be issued.
Two health IT professional associations are urging Congress to "modernize" HIPAA to extend patients' rights to securely access, view, download and transmit their health information - including health data not currently covered under HIPAA. Regulatory experts size up whether the proposed changes are feasible.
A batch of documents meant to be kept under court seal lays bare Facebook's strategic brokering of access to user data to reward partners and punish potential rivals. The material also demonstrates Facebook's views at the time on privacy and the risks of leaking data.
What are three burning questions regarding legal and compliance issues that enterprise security leaders should ponder as they head into 2019? Ed Amoroso, former CISO of AT&T and current CEO of TAG Cyber, outlines the questions and possible answers.
Enforcement of the European Union's General Data Protection Regulation began May 25. What has happened since then? And how has the privacy dialogue evolved in the U.S.? Attorney Jay Kramer shares insights on how organizations are now approaching privacy.
As of March 1, 2019, covered entities will be required to be in compliance with the New York Department of Financial Services Cybersecurity Regulation Section 500.11, the Third Party Service Provider Security Policy. What are the key requirements? Attorney Ted Augustinos, a partner at Locke Lord LLP, outlines the new...
Financial institutions of all sizes can use a new Cybersecurity Profile tool to help them comply with a variety of regulations and implement the NIST Cybersecurity Framework, says Denyette DePierro of the American Bankers Association.
In a groundbreaking effort, the attorneys general of a dozen states have jointly filed a federal lawsuit against a cloud-based electronic health records vendor that reported a 2015 data breach affecting 3.9 million individuals.