One day after Quest Diagnostics reported that nearly 12 million of its patients were potentially affected by a malicious breach of third-party bill collection vendor American Medical Collection Agency (AMCA), fellow clinical testing firm LabCorp acknowledged that roughly 7.7 million of its customers may be affected by the same incident. Burlington, North Carolina-based LabCorp publicly…
A major operational error has resulted in the issuance of at least one million browser-trusted digital certificates from GoDaddy, Apple and Google that don’t comply with binding industry mandates. The misconfiguration is the result of open source EJBCA software package that many browser-trusted authorities use to generate certificates that secure websites, encrypt email, and digitally…
The finance, banking and payment services industries have until September 2019 to comply with PSD2, a revised set of European Union regulations that give consumers more options and safer ways to make payments online. At RSA 2019, Geoff Sanders, director of product at anti-fraud and MFA company iovation (and former co-founder and CEO of iovation…
By Paul Iagnocco, director, consulting ,TrustArc Global and domestic privacy regulations like GDPR and the California Consumer Privacy Act (CCPA) are forcing businesses to develop and implement comprehensive data management processes to comply with new privacy requirements. In this age of compliance, privacy strategies have become ongoing initiatives, rather than one-time implementations. New privacy-by-design principles…
California passed has just passed a law effectively banning weak passwords and enforcing other security measures to more effectively secure connected devices. While its unlikely individuals or businesses will be raided by local law enforcement for attempting to lock down their computer or Wi-Fi using “Password123,” the new law will require that manufactured devices be…
Sen. Ron Wyden, D-Ore., sent a letter to Attorney General Jeff Sessions urging the Justice Department to be more forthright about Stingray devices after learning they may interfere with 911 Emergency Services.
Crimson Hexagon, a company that generates consumer insights from public social media posts, has been suspended from Facebook while the social media giant evaluates whether the data collection firm violated Facebook policies.
Regulators in Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas set in place specific steps the credit bureau must follow.
Google announced its plans detailing how it will handle customer data to comply with GDPR requirements after May 25.
Like many college students who cram the night before a test – and some writers who test the limits of their editors’ patience with their procrastination – many companies have pushed off GDPR compliance, believing either it doesn’t apply to them, it’s too costly or overwhelming or they can afford to wait and see just how serious regulators are about admonishing and fining companies who falter on privacy.
Big mistake.
