Regulation
White House releases an ambitious National Cybersecurity Strategy
The Biden administration's National Cybersecurity Strategy calls for more regulation on critical infrastructure providers and holds software providers accountable for their insecure products.
What CISOs need to know about the renewal of FISA Section 702
Section 702 of the Foreign Intelligence Surveillance Act sets out the rules for the US intelligence community around gathering information abroad—but is it inadvertently being used at home too?
US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy
Corporations (and their CISOs) that discover wrongdoing or corruption within their own business are well-advised to self-report such activities and cooperate with prosecutors. The stakes are high for those who don’t.
New UN cybercrime convention has a long way to go in a tight timeframe
Nations around the world are hammering out a new cybercrime convention, but some UN members seek to criminalize activities that are not bona fide crimes.
European data protection authorities issue record €1.65 billion in GDPR fines
DLA Piper’s GDPR and Data Breach survey shows a 50% increase in fines in the last 12 months. Data protection authorities are turning their focus to artificial intelligence.
Meta hit with $413 million fine in EU for breaking GDPR rules
Regulatory wrangling results in a huge new fine over Facebook and Instagram data handling, even as Meta vows to appeal and EU data protection groups prepare for a court battle.
The top 12 tech stories of 2022
The year highlighted how vulnerable the technology sector is to the vagaries of geopolitics and the macroeconomy, as IT giants laid off workers, regulators cracked down on tech rule-breakers, nations negotiated data security...
Microsoft’s EU data boundary plan to take effect Jan. 1
The plan, which covers Microsoft products and services such as Azure, Power BI, Dynamics 365 and Office 365, will allow customers to store and process their customer data within the EU.
European Commission takes step toward approving EU-US data privacy pact
The EU-US Data Privacy Framework—drafted to allow the flow of data between the US and the European Union—has cleared the first hurdle on its way to approval in the EU, but criticism of the pact makes it far from a done deal.
PCI Secure Software Standard version 1.2 sets out new payment security requirements
Changes include the Web Software Module to help payment software vendors and developers identify and implement security controls to protect against attacks.
US Congress rolls back proposal to restrict use of Chinese chips
After business groups argued that proposed legislation to curb use of Chinese-made semiconductors would hurt national security, lawmakers amended it—but a final vote and the president's approval of the proposed National Defense...
EU Council adopts NIS2 directive to harmonize cybersecurity across member states
The NIS2 directive replaces NIS as EU Council seeks to improve resilience and incident response capacities in the EU.
PCI DSS 4.0 is coming: how to prepare for the looming changes to credit card payment rules
New credit card payment processing rules will tighten security and offer more flexibility for enterprises. While they won’t come into full effect until 2025, experts say there are significant changes and recommend that consumer-facing...
EU-US data sharing agreement: Is it a done deal?
With both Privacy Shield and Safe Harbor having been previously struck down by legal challenges, experts question whether US President Biden’s executive order implementing the new Trans-Atlantic Data Policy Framework will stand up to...
Security and privacy laws, regulations, and compliance: The complete guide
This handy directory provides summaries and links to the full text of each security or privacy law and regulation.
PCI DSS explained: Requirements, fines, and steps to compliance
PCI DSS (Payment Card Industry Data Security Standard) is a cybersecurity standard backed by all the major credit card and payment processing companies that aims to keep credit and debit card numbers safe.
How GDPR has inspired a global arms race on privacy regulations
Companies with a global presence face the challenge of achieving compliance with an increasing array of regional data-protection regulations.