Compliance
Compliance | News, how-tos, features, reviews, and videos
![A gavel rests on open law book. [law / regulation / compliance / legal liability]](https://images.idgesg.net/images/article/2020/09/gavel_mallett_rests_on_open_law_book_legal_liability_risk_regulations_compliance_by_andreypopov_gettyimages-1021544574_2400x1600-100860121-medium.3x2.jpg)
![A gavel rests on open law book. [law / regulation / compliance / legal liability]](https://images.idgesg.net/images/article/2020/09/gavel_mallett_rests_on_open_law_book_legal_liability_risk_regulations_compliance_by_andreypopov_gettyimages-1021544574_2400x1600-100860121-small.3x2.jpg)
CSO's ultimate guide to security and privacy laws, regulations, and compliance
This handy directory provides summaries and links to the full text of each security or privacy law and regulation.
![Lady Justice statue with scales, law books. [regulation / compliance / legal liability / fairness]](https://images.idgesg.net/images/article/2020/09/lady_justice_statue_with_scales_law_books_legal_liability_risk_regulations_compliance_fairness_by_simpson33_gettyimages-1181406745_2400x1600-100860122-small.3x2.jpg)
Virginia data protection bill signed into law
The state is the second in the nation to enact a consumer data protection law along the lines of the EU's GDPR. Here's what businesses need to know about Virginia's CDPA.
5 ways to combat audit fatigue
The growing number of audits for security and privacy regulatory compliance is stressing security personnel and draining resources from security operations. Here's how to better manage them.
The HITECH Act explained: Definition, compliance, and violations
The Health Information Technology for Economic and Clinical Health (HITECH) Act aims to expand the use of electronic health records through incentives to health care providers and consumers. It also tightens rules on providers to...
![A hand reaches to activate controls marked with gear icons [ process / update / fix / automate ]](https://images.idgesg.net/images/article/2020/08/hand_reaches_to_activate_controls_with_gear_icons_process_development_update_fix_automate_by_putilich_gettyimages-1220461550_2400x1600-100854509-small.3x2.jpg){kind=icon}
How strong, flexible data protection controls can help maintain regulatory compliance
An effective approach to data protection controls embraces ethical standards and anticipates new requirements. Here’s how some CISOs and other experts tackle the issue.
HIPAA explained: definition, compliance, and violations
This landmark law imposes stringent privacy and security mandates on health care providers—and most of their IT vendors.
SolarWinds hack is quickly reshaping Congress’s cybersecurity agenda
More cybersecurity funding for states and Capitol, new breach reporting rules, and ransomware-related bills will likely be on the agenda for the 117th Congress.
US bulk energy providers must now report attempted breaches
US bulk energy providers must now report attempted breaches as well as successful breaches. Guidance is murky over what constitutes an "attempted" breach.
CPRA explained: New California privacy law ramps up restrictions on data use
The California Privacy Rights Act (CPRA) is a new law that toughens some data security requirements, brings California more in line with Europe's General Data Protection Regulation, and creates a new state agency—the California...
Privacy, data protection regulations clamp down on biometrics use
The highly sensitive nature of biometric data and new regulations aimed to protect it are cause to rethink how it's used for authentication.
New AI privacy, security regulations likely coming with pending federal, state bills
CISOs should prepare for new requirements to protect data collected for and generated by artificial intelligence algorithms.
EU's DORA regulation explained: New risk management requirements for financial firms
The proposed Digital Operational Resilience Act includes new incident response and third-party risk requirements for financial firms operating within the EU. Passage is expected, so plan now.
Defining data protection standards could be a hot topic in state legislation in 2021
Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.
Passage of California privacy act could spur similar new regulations in other states
Voters approved the California Privacy Rights and Enforcement Act (CPRA), which in part limits how organizations can use personal data. Legal experts expect other states to follow suit.
US Treasury Department ban on ransomware payments puts victims in tough position
The Treasury Department's advisory warns companies not to pay ransoms to sanctioned entities. The move complicates ransomware incident response and might encourage insurance carriers to drop ransomware coverage.
Avoiding the snags and snares in data breach reporting: What CISOs need to know
Ambiguities in a growing list of US reporting requirements keep CISOs up at night: Will they be compelled to report every breach even if they can prove the data was untouched? Experts advise on how to avoid trouble.
![The open jaws of a spring trap lie in wait. [danger / risk]](https://images.idgesg.net/images/article/2020/09/open_jaws_of_a_spring_trap_danger_risk_by_mevans_gettyimages-172979779_2400x1600-100858233-small.3x2.jpg)
Uber breach case a ‘watershed moment’ for CISOs’ liability risk
An upcoming case to determine whether the former Uber CSO failed to report a breach puts the legal liabilities of being a CISO in the spotlight. CISOs have a few options to minimize that risk.
CMMC bakes security into DoD’s supply chain, has value for all businesses
The Cybersecurity Maturity Model Certification provides a means for the DoD to certify the security capabilities of its contractors, but it's a good way to assess the cybersecurity maturity for all companies.
-
White Paper
-
eBook
Sponsored -
White Paper
-
White Paper
