Compliance

Compliance | News, how-tos, features, reviews, and videos

A virtual checkmark in digital system / standards / quality control / certification / certificates

HITRUST explained: One framework to rule them all

HITRUST is a cybersecurity framework that seeks to unify the rules for many other existing regulatory and industry frameworks, including HIPAA, GDPR, PCI-DSS, and more.

data pipeline primary

TSA’s pipeline cybersecurity directive is just a first step experts say

The new, hastily announced security directive requires US pipeline companies to appoint a cybersecurity coordinator and report possible breaches within 12 hours.

President Joe Biden delivers remarks about the Colonial Pipeline hack. [Washington / 2021.05.13]

Biden administration releases ambitious cybersecurity executive order

Though lacking in definitional clarity, this new executive order might be more effective than past federal efforts, especially in the wake of the Colonial Pipeline attack.

power plant utilities energy innovation industrial iot american public power association unsplash

Biden administration releases 100-day plan to address electric system cybersecurity risks

The plan focuses largely on supply chain risks to the electric grid, requests input on the DOE's role in coordinating cybersecurity efforts.

Unitd States cybersecurity   >   U.S. flag with a digital network of locks instead of stars

Experts fear that Biden’s cybersecurity executive order will repeat mistakes of the past

President Biden is expected to issue an executive order soon in response to the SolarWinds and Exchange Server attacks. Leaked details suggest it might not focus on the most effective actions.

A gavel rests on open law book. [law / regulation / compliance / legal liability]

States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks

Connecticut might soon follow Ohio and Utah by enacting a law that offers liability protection against ransomware and other cyberattacks, but only if victims follow security best practices.

Lady Justice statue with scales, law books. [regulation / compliance / legal liability / fairness]

Virginia data protection bill signed into law

The state is the second in the nation to enact a consumer data protection law along the lines of the EU's GDPR. Here's what businesses need to know about Virginia's CDPA.

audit binary compliance magnifying glass investigate

5 ways to combat audit fatigue

The growing number of audits for security and privacy regulatory compliance is stressing security personnel and draining resources from security operations. Here's how to better manage them.

healthcare data breach / medical patient privacy security violation

The HITECH Act explained: Definition, compliance, and violations

The Health Information Technology for Economic and Clinical Health (HITECH) Act aims to expand the use of electronic health records through incentives to health care providers and consumers. It also tightens rules on providers to...

A hand reaches to activate controls marked with gear icons [ process / update / fix / automate ]

How strong, flexible data protection controls can help maintain regulatory compliance

An effective approach to data protection controls embraces ethical standards and anticipates new requirements. Here’s how some CISOs and other experts tackle the issue.

medical data accessed via tablet / healthcare IoT monitoring

HIPAA explained: definition, compliance, and violations

HIPAA (the Health Insurance Portability and Accountability Act) is a law passed in 1996 that imposes stringent privacy and security mandates on health care providers—and most of their IT vendors.

United States Capitol building / United States Congress / abstract security concept

SolarWinds hack is quickly reshaping Congress’s cybersecurity agenda

More cybersecurity funding for states and Capitol, new breach reporting rules, and ransomware-related bills will likely be on the agenda for the 117th Congress.

power plant utilities energy innovation industrial iot american public power association unsplash

US bulk energy providers must now report attempted breaches

US bulk energy providers must now report attempted breaches as well as successful breaches. Guidance is murky over what constitutes an "attempted" breach.

CCPA | California Consumer Privacy Act  >  Satellite view of California's network of lights / lock

CPRA explained: New California privacy law ramps up restrictions on data use

The California Privacy Rights Act (CPRA) is a new law that toughens some data security requirements, brings California more in line with Europe's General Data Protection Regulation, and creates a new state agency—the California...

digital fingerprint / binary code

Privacy, data protection regulations clamp down on biometrics use

The highly sensitive nature of biometric data and new regulations aimed to protect it are cause to rethink how it's used for authentication.

ethical ai artificial intelligence algorithms

New AI privacy, security regulations likely coming with pending federal, state bills

CISOs should prepare for new requirements to protect data collected for and generated by artificial intelligence algorithms.

risk assessment - safety analysis - security audit

EU's DORA regulation explained: New risk management requirements for financial firms

The proposed Digital Operational Resilience Act includes new incident response and third-party risk requirements for financial firms operating within the EU. Passage is expected, so plan now.

A gavel rests on open law book. [law / regulation / compliance / legal liability]

Defining data protection standards could be a hot topic in state legislation in 2021

Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.

California Consumer Privacy Act  / CCPA  >  State flag superimposed on map and satellite view

Passage of California privacy act could spur similar new regulations in other states

Voters approved the California Privacy Rights and Enforcement Act (CPRA), which in part limits how organizations can use personal data. Legal experts expect other states to follow suit.

Ransomware  >  A masked criminal ransoms data for payment.

US Treasury Department ban on ransomware payments puts victims in tough position

The Treasury Department's advisory warns companies not to pay ransoms to sanctioned entities. The move complicates ransomware incident response and might encourage insurance carriers to drop ransomware coverage.

Load More
You Might Also Like