Marriott Settles Huge Privacy Case

marriott

Marriott International has reached a settlement with state and federal regulators over repeated privacy breaches the hotel chain suffered in the 2010s, where Marriott will pay $52 million states across the country and implement a raft of cybersecurity improvements under the watchful eye of the Federal Trade Commission. The FTC and state attorneys general announced…

Read More

Report Spotlights Privacy Access Requests

privacy

A study of consumers’ data privacy habits suggests that people are growing more possessive of their privacy rights, which in turn is driving up the compliance costs for businesses trying to meet those privacy demands.  So says a report released Wednesday by DataGrail, a software firm that helps companies automate their privacy compliance processes. The…

Read More

Fresh Stats on Cyber & Privacy Risks

key controls

We have a fascinating new snapshot of cybersecurity risks these days — including companies racing to embrace cloud computing without fully understanding the security fundamentals, insecure mobile applications, and persistent bad habits with software patching and encryption. Said snapshot comes from Coalfire, one of the more notable cybersecurity and compliance software firms, which just released…

Read More

Thoughts on Data Security

data protection

This week I’m attending the ISACA-Institute of Internal Auditors GRC Conference in Las Vegas. As one might imagine, data security is all over the agenda, so I’ve been taking notes for those audit and compliance executives back home looking for suggestions on how to make your GRC efforts better.  For starters I attended a fascinating…

Read More

That Massive Privacy Settlement for Fortnite

Like so many other adults in this world, I have children who play Fortnite. When they play, they ignore me. This gives me time for other pursuits, such as reading the massive enforcement action and compliance reforms that the feds just imposed on Fortnite. You may have seen the headlines already. Epic Games, the owner…

Read More

SEC Reminders on Identity Theft

cybersecurity

The Securities and Exchange Commission has published a review of financial firms’ identity theft programs, in case anyone is looking for helpful hints and tips on how to strengthen your own program. Most of the SEC’s advice, however, boils down to a company sincerely thinking about its risks here. The advice came in the form…

Read More

Morgan Stanley Fined on Data Destruction

Morgan Stanley

We have quite the reminder on IT risk today courtesy of the Securities and Exchange Commission. The agency just fined a subsidiary of Morgan Stanley for poor data protection practices, which even led to one incident where the bank’s old IT equipment was sold at auction with customer data still on the hard drives.  The…

Read More

Roe Falls; Compliance Programs Brace

roe

They say that a columnist writes about what people are talking about, so there’s only one thing to write about today: the immense implications of the Supreme Court’s decision to invalidate Roe v. Wade. Even at this early stage, the consequences for corporate ethics and compliance programs are emerging fast and furious.  We can begin…

Read More

Study: California Privacy Compliance a Mess

privacy

A new research report says the vast majority of companies are not prepared to comply with the California Consumer Privacy Act, with nearly 90 percent of businesses either fumbling along with manual processes or just not in compliance at all.  So says Cytrio, a privacy compliance software vendor that published the report on Wednesday, after…

Read More

Microsoft, Activision and Antitrust Issues

OK, Microsoft has proposed acquiring Activision Blizzard for $68.7 billion. Now comes the parlor game of analyzing the ethics and compliance issues involved in this mammoth deal, and two arise right away: surviving regulatory scrutiny, and repairing Activision’s defective corporate culture. We can begin with the regulatory scrutiny, because this deal captures so many current…

Read More