Compliance News, Articles and Updates

New concerns over user data sharing lead Facebook to suspend analytics firm Crimson Hexagon

Crimson Hexagon, a company that generates consumer insights from public social media posts, has been suspended from Facebook while the social media giant evaluates whether the data collection firm violated Facebook policies.

Equifax agrees to cybersecurity regulations set forth by 8 U.S. States

Regulators in Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas set in place specific steps the credit bureau must follow.

Google assures users it's ready for GDPR

Google announced its plans detailing how it will handle customer data to comply with GDPR requirements after May 25.

GDPR: It's (just about) here

Like many college students who cram the night before a test - and some writers who test the limits of their editors' patience with their procrastination - many companies have pushed off GDPR compliance, believing either it doesn't apply to them, it's too costly or overwhelming or they can afford to wait and see just how serious regulators are about admonishing and fining companies who falter on privacy. Big mistake.

ISO decides not to approve two NSA encryption algorithms, citing trust issues

The International Organization for Standardization (ISO) decided not to approve the NSA encryption algorithms Speck and Simon.

China's controversial cybersecurity law goes into effect

China's new cybersecurity law went into effect on June 1, subjecting companies to stringent data privacy and protection guidelines, as key questions linger around how it will be enforced, and how businesses will be able to comply.

Lawmakers, rights groups react after Senate votes to kill FCC privacy protections

Digital rights and privacy groups reacted with indignation after the U.S. Senate passed a joint resolution that would undo FCC rules banning telecom and ISP companies from selling consumers' data without their consent.

Survey: Organizations deploying emerging tech without ensuring data security first

In a classic case of putting the cart before the horse, too many organizations are deploying emerging technologies before they can shore up appropriate levels of data security, according to a new report from Thales e-Security and 451 Research.

New York State revises its sweeping cyber regulation proposal for financial sector

The New York State Department of Financial Services (DFS) on Wednesday released a revised draft of an ambitious regulation designed to protect the state and its citizens from cyberattacks against financial institutions.

Mastercard and Visa push EMV liability deadline to 2020 for automated fuel pumps

Citing technological and regulatory challenges, Mastercard and Visa have postponed their liability deadlines for merchants to employ EMV chip card technology at automated fuel pumps, from October 2017 to October 2020.

Compliance doesn't equal security, but it sure does help

Imagine using faulty information in creating a building design or developing a product or running a political campaign or formulating a new drug. That's exactly what can happen - with devastating results - when hackers or other malfeasants infiltrate an organization and corrupt its data.

U.S. Dept. of IoT? Experts debate need for Internet of Things regulation

Confronting the dangers posed by the Internet of Things, members of the House of Representatives' Energy and Commerce Committee held a hearing on Wednesday that examined the feasibility of regulating IoT devices.

IACR gives Signal its seal of approval

The IACR has certified that it could not find any discernible flaws in the Signal app, saying that it offers a well-designed and compromise-resistant architecture.

ICO deals finance firm fine, as ICO fine total mounts up

A finance firm based in London has been fined £70,000 by the Information Commissioner's Office, in retaliation for its contracted marketing firm sending out some 2.2 million unsolicited SMS messages. The fine comes as the ICO's total bill of outstanding fines mounts up, due to companies going into liquidation rather than paying them.

Too much noise to see the threats, study

A recent study found that 73 percent of security pros admitted to using threat intelligence data ineffectively.

Panel: Obsession with regulatory compliance doesn't guarantee good cybersecurity

Companies should spend less time worrying about meeting minimal requirements for cybersecurity compliance, and concentrate more on how to protect their most sensitive operations, according to experts speaking today at SC Congress Chicago.

NIST study warns of security fatigue among users

Most web users are overwhelmed with warnings of online threats and suffer from "security fatigue," according to the National Institute of Standards and Technology (NIST).

EFF slams HP for using security patch to thwart third-party ink purchases

The Electronic Frontier Foundation (EFF) is criticizing HP for using a security update to also install a function that shuts a printer down when it recognizes a non-HP printer cartridge.

RTCA airline recs aim to strengthen aviation cybersecurity

A technical committee that provides guidance to the Federal Aviation Administration has reportedly developed draft recommendations for strengthening the aviation industry's cybersecurity posture.

Hotel operation run by Donald Trump settles breach suit with $500K fine

In a settlement, the hotel chain operated by Republican presidential candidate Donald Trump will fork over $500K in fines and improve the security of its computer network.

Survey: 34% of privacy pros expect their companies to certify under Privacy Shield

In a new survey, only 34 percent of privacy professionals whose companies transfer data from Europe to the U.S. said that they expected their businesses to adopt the newly approved EU-U.S. Privacy Shield.

WoSign mistakenly assigns two user certificates

A Chinese certificate authority mistakenly handed out legitimate user certificates for GitHub and the University of Central Florida (UCF) to a couple of unauthorized users.

SWIFT did not monitor weak security practices of its users - report

Former board members and senior employees at SWIFT said the company did not monitor or make attempts to improve the poor security practices of its clients.

Apple blocks Pangu jailbreak bug with OS upgrade 9.3.4

Apple quietly issued "an important security" update on Thursday to its operating system, pushing out iOS 9.3.4.

Feds nix SMS-based 2FA

Government service providers will be required to phase out the use of SMS-based two-factor authentication (2FA) as the result of new guidelines from the National Institute of Standards and Technology (NIST).

ISA presents 12-step cybersecurity program at RNC cyber forum

ISA President Larry Clinton urged lawmakers to treat cybersecurity "with a greater sense of urgency," saying in a release that the economics of cybersecurity need to be better integrated into policies.

House committee grills FDIC after report details history of data breach cover-ups

An interim report filed yesterday by the U.S. House Committee on Science, Space and Technology revealed gaping holes in the FDIC's cybersecurity posture and accused the financial institution of withholding documents pertaining to data breaches.

Ninth Circuit ruling upholds password-sharing risk

Computer users sharing their password could suddenly find themselves at risk for arrest.

Brexit shakeup: How will the U.K.'s exit from the EU affect the technology sector?

London is the center of tech startups in Europe. So, how will the U.K.'s separation from the EU impact the tech sector?