Data privacy issues and compliance
- February 25, 2020
Securiti.ai, which offers an AI-powered 'PrivacyOps' platform, took home the title of 'Most Innovative Startup' at RSA Conference's Innovation Sandbox Contest.
- December 30, 2019
New privacy laws are changing data management practices in the enterprise. BigID co-founder Nimrod Vax discusses the importance of being 'data native' in the era of the CCPA.
- November 14, 2019
InfoTrax settled an FTC complaint over an extensive data breach that lasted two years. Now, it can no longer collect any personal data until it implements its own infosec program.
- November 13, 2019
Microsoft said it will apply the California Consumer Privacy Act across the nation and extend the law's data privacy protections to customers in all fifty states.
- July 29, 2019
Tim Mackey of Synopsys tries to clear up some of the mystery around how GDPR regulators determine the fines levied on companies for major data breaches or privacy violations.
- July 09, 2019
The ICO plans to levy a record GDPR fine of nearly $230 million against British Airways for a security incident that led to 500,000 customers having their data compromised.
- June 06, 2019
There haven't been many fines under the General Data Protection Regulation since the EU data privacy law went into effect a year ago. But experts warn that will likely change.
- May 08, 2019
After being a no-show at last year's conference, security and privacy improvements were big themes at Google I/O's first day, including discussion on federated learning.
- April 30, 2019
Since the start of 2018, Facebook has had a seemingly constant cascade of security issues and privacy scandals. Here's a look back at the social media giant's most serious issues.
- March 08, 2019
Facebook and Twitter executives say finding a pattern of malicious activity is more effective in identifying bad actors on sites than looking at the misleading information itself.
- January 23, 2019
The Google GDPR fine of $57 million marks the first time a major tech company has been penalized under Europe's new privacy regulations. But the fine is less than the maximum allowable penalty.
- October 02, 2018
Facebook's GDPR consequences are still up in the air following a data breach, as Irish regulators are waiting on more information before determining if the social network will face a fine.
- September 13, 2018
In addition to other Trend Micro apps banished from the Mac App Store for gathering data inappropriately, the company has admitted to publishing the Open Any Files app.
- September 11, 2018
Researchers claimed Trend Micro apps in the Mac App Store were stealing data. The company removed the offending features, but researchers are still not sold on Trend Micro's excuse.
- July 31, 2018
New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general.
- July 27, 2018
Dropbox came under fire for sharing anonymized data with academic researchers after questions emerged about how the data was protected and used.
- July 17, 2018
The difference between data privacy protections afforded to European Union residents and people in the U.S. is more sharply highlighted now that the EU's General Data Protection Regulation has ...
- May 30, 2018
GDPR Day -- May 25, 2018 -- has passed and enforcement is now accepting complaints against companies violating the terms of the EU's new privacy regulation.
- May 30, 2018
The latest semiannual Apple transparency report showed national security requests on the rise and one expert questioned whether Apple could do more to be open about requests.
- May 09, 2018
It's fairly easy to find stories sparking security and privacy concerns regarding a Google product or service — Search, Chrome, Android, AdSense and more — but if you watched or attended Google ...
- April 27, 2018
With the GDPR deadline looming, companies may still be scrambling to do "something" about it, but with less than 30 days to go the best move for many may be to wait and watch, and perhaps just ...
- April 18, 2018
GDPR preparation, with practical tips and recipes, was on the menu at RSAC 2018, as IBM CTO Cindy Compert offered practical advice for compliance with the EU privacy regulation.
- March 31, 2018
Following the Facebook-Cambridge Analytica controversy, major tech companies pledged to defend users from corporate data misuse, but they're ignoring a more serious privacy threat.
- March 30, 2018
With its embrace of new tools for protecting consumer privacy, Apple GDPR privacy protection will be available to all users as the EU's new privacy protection legislation is set to start ...
- March 30, 2018
News roundup: New Facebook privacy features and updates to the company's bug bounty program are being rolled out. Plus, Drupalgeddon 2.0 threatens over 1 million sites, and more.
- March 20, 2018
A whistleblower claims a company with suspicious motives exploited Facebook data harvesting to build profiles on 50 million users and influence the 2016 U.S. presidential election and Brexit vote.
- June 02, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss GDPR compliance and how the EU law will affect enterprise data privacy and security across the globe.
- May 31, 2017
Don't forget the huge fines: When it comes to the new 72-hour GDPR breach notification rule, the cost of compliance must be weighed against harsh GDPR penalties.
- May 30, 2017
The EU's General Data Protection Regulation is less than a year away. Experts explain why data tracking, encryption and other measures are crucial for GDPR compliance.
- May 24, 2017
With GDPR compliance set to be mandatory in one year, Microsoft will help get its cloud customers ready for the new data protection regulation.
- May 24, 2017
With one year left, it's time to prioritize GDPR compliance; Gary Southwell, CSPi's general manager, offers advice for protecting personal data under the EU's new privacy regulation.
- May 23, 2017
Companies doing business in EU face challenge to get GDPR compliant as enforcement of the strict new General Data Protection Regulation is just one year away.
- April 27, 2017
Amazon promises all AWS cloud services will be GDPR compliant before enforcement of the new EU data privacy regulation starts in 2018, offers customers assistance.
- April 07, 2017
Microsoft exposes Windows 10 telemetry practices just a week before Creators Update; may allay privacy concerns over Windows 10 data collection.
- April 05, 2017
The two leading internet security protocol bodies, Online Trust Alliance and Internet Society, merge to work for improved IoT security and online security.
- February 22, 2017
Microsoft vows GDPR compliance in all cloud services when enforcement of the new EU data privacy regulation begins in May 2018, but companies still must take action to avoid fines.
- February 21, 2017
Windows 10 privacy issues remain as EU's top privacy watchdog group, the Article 29 Working Party, issues a second warning letter to Microsoft to simplify, clarify data collection.
- January 26, 2017
Microsoft notches another win in its battle to protect cloud data privacy, as an appeals court quashes the DOJ appeal over a warrant for data stored in an Ireland data center.
- January 13, 2017
New Microsoft privacy tools will give users control over the data collected on the web and within Windows. Experts hope the tools will offer data privacy transparency.
- December 19, 2016
Gas stations get an extra three years to support new chip card payments, as the EMV liability shift date for automated fuel dispensers is pushed to 2020.
- November 30, 2016
After a final push to delay changes to Rule 41 failed in the Senate, the U.S. government now has much wider authority to legally search computers whose location is unknown.
- November 18, 2016
Just two weeks before the deadline, U.S. lawmakers seek to postpone until next summer the acceptance of controversial updates to Rule 41, allowing legal access to unspecified systems.
- October 21, 2016
After a slow start, some U.S. companies are starting to address the questions and challenges of EU-U.S. Privacy Shield certification. But most haven't started the process.
- October 12, 2016
With EU's new privacy regulation set to take effect in May 2018, GDPR compliance may be hampered by lack of planning and awareness, Dell research finds.
- July 29, 2016
Researchers discovered attempts to snoop on dark web servers through malicious changes to Tor Project hidden services directories.
- July 15, 2016
The EU-U.S. Privacy Shield framework takes effect, replacing Safe Harbor for transatlantic data flows; U.S. beefs up Cyber Command.
- July 07, 2016
As the new General Data Protection Regulation looms, many firms face new rules and challenges to protect the privacy of EU citizens, regardless of location.
- June 24, 2016
U.S. Senate fails to pass National Security Letter regulation to enhance warrantless FBI surveillance access to metadata, including email headers and browser history.
- June 22, 2016
EFF and privacy activists oppose Rule 41 changes, while the Department of Justice claims the changes do not alter 'traditional protections' under the Fourth Amendment.
- May 27, 2016
US Reps. Poe and Conyers join Sen. Wyden's fight against changes to Rule 41 that would remove limits on government hacking, introduce companion bill to quash changes.
- May 24, 2016
Former computer science majors Lieu and Hurd wrote to their U.S. House of Representatives colleagues, urging improved awareness of cyber risks and cyberhygiene.
- May 24, 2016
Internet pioneer Paul Vixie spoke with SearchSecurity about IPv6 NAT, IPv6 and the Internet of Things, and the long, thankless path to deploying IPv6.
- May 12, 2016
The new Privacy Shield framework for transatlantic data flows faces challenges from Article 29 Working Party criticism, as well as U.S. changes to Rule 41 for computer searches.
- April 29, 2016
More fallout from the Apple/FBI conflict: The second iPhone suit was dropped; the FBI can't provide details of a tool used to unlock the San Bernardino shooter's phone.
- April 22, 2016
Experts face off in Congress over 'going dark' encryption debate, stake out positions on security, privacy and government access; polls show support for strong encryption.
- February 19, 2016
Roundup: DHS posts first pass at guidelines for cyberthreat indicator reporting under CISA. Plus, the U.S. planned a major cyberattack against Iran if nuclear diplomacy had failed, and more news.
- February 12, 2016
Roundup: Details are uncertain for the EU-U.S. Privacy Shield framework, as Facebook is charged with privacy violations in France over the use of the now-illegal Safe Harbor framework; more news.
- January 29, 2016
Roundup: As the deadline looms to replace the Safe Harbor data-sharing framework, the U.S. and EU continue to make progress; Senate is ready to vote on the Judicial Redress Act.
- January 19, 2016
David Chaum presents Internet anonymity tool PrivaTegrity, using the cMix mix network for reliable, high-performance Internet anonymity and protection against attacks or unauthorized backdoors.
- January 08, 2016
- December 18, 2015
News roundup: As EU's Global Data Protection Regulation advances, businesses anticipate higher penalties and compliance costs. Also, malware roundup.
- November 20, 2015
News roundup: Rights groups join critics of Safe Harbor framework update, OPM breach testimony pushback, FBI hiring part of cybersecurity issue for Justice Department. Plus: recycled malware, Microsoft's security push.
- October 16, 2015
News roundup: FBI issues a public service announcement about EMV chip-and-signature cards. Plus: bumper crop of OS X malware in 2015; phishing sites with authenticated certificates and more.
- October 16, 2015
The Consumer Privacy Bill of Rights, if made a federal law, would create a uniform set of privacy requirements. Here's a look at the potential benefits.
- October 09, 2015
News roundup: The EU Court has invalidated the Safe Harbor agreement, leaving companies scrambling to deal with overseas data transfers securely. Plus: SHA-1 collision attack; NIST email security initiatives; worry over cyberthreats.
- October 02, 2015
News roundup: Despite a low adoption rate going into the liability shift, many in the industry are optimistic about the future of EMV use. Plus: TrueCrypt flaws; AWS crypto keys stolen; women in infosec.
- October 01, 2015
The Oct. 1, 2015 deadline for EMV liability has arrived, though merchants and retailers alike aren't ready for the change.
- September 25, 2015
News roundup: More fingerprint records were stolen during the OPM breach than originally reported. Plus: the $1 million iOS bounty; DHS CISO calls for harsher phishing policies; Safe Harbor in hot water.
- July 31, 2015
Major IT companies, such as Black Hat and Google, spoke out against the proposed Wassenaar Arrangement rules for cybersecurity software. And those protests caused the U.S. Department of Commerce to commit to drafting new rules.
- July 23, 2015
The National Guard reported an accidental data exposure affecting thousands of former and current employees was not related to the OPM breach.
- July 20, 2015
The Wassenaar Arrangement is a multilateral export control association aimed at controlling a wide range of goods, including intrusion software. However, Black Hat and Google believe the proposed rules will have a negative impact on security.
- June 23, 2015
With the recent OPM breach raising questions about the security of federal data within the government, NIST has issued new guidelines in order to secure data stored by federal contractors outside government facilities.
- June 05, 2015
News roundup: New settings and options to boost user privacy and security are emerging on major websites, but is it enough?
- March 20, 2015
News roundup: Researchers at the 2015 Pwn2Own exploited every major Web browser, casting doubt on browser security once again. Plus: high-severity OpenSSL update; IE being phased-out in Windows 10; Americans dodging online surveillance.
- March 18, 2015
The Consumer Privacy Bill of Rights proposed by the Obama administration is a good first step, according to experts, and may simplify privacy compliance for enterprises currently dealing with many different state laws.
- October 17, 2014
News roundup: New research shows a dramatic increase in the cost of cybercrime and data breach remediation. Plus: Security as a service popularity surges, Snowden journalist touts the importance of free security software, and more.
- April 24, 2014
The security practices in place at healthcare organizations are not up to par with those of other, more mature industries, according to an FBI notice.
- March 31, 2014
- March 26, 2014
The Affordable Care Act introduced a number of infosec issues, but an expert at SecureWorld Boston 2014 said the right mitigations can ease concerns.
- March 05, 2014
Attorney Marcia Hofmann says without new data privacy laws, the FBI can strong-arm providers into handing over customers' sensitive data.
- January 31, 2014
An attorney says the rumored suspension of Safe Harbor is unlikely, but either way, data privacy compliance will get harder for U.S. companies.
- November 06, 2013
As reported HealthCare.gov security issues continue to accrue, one expert claims the website security concerns have been "overblown."
- August 01, 2013
A decade after becoming law, the ripple effects of California's SB 1386 have surfaced in a new breed of proactive, granular state data privacy laws.
- April 09, 2013
The proposed California Right to Know Act may compel CISOs to develop additional privacy policies or create new privacy officer roles.
- January 29, 2013
More CISOs may be taking on data privacy management. Fortunately, old, outdated privacy laws may lend them a helping hand.
- September 17, 2012
Data privacy issues are new territory for infosec pros, who face managing new data analysis methods vs. customers' concern with unintended data usage.
- May 24, 2012
The number of computer security laws in the U.S. can be daunting. One bold lawyer suggests a way to prioritize the laws and avoid most legal battles.
- March 08, 2012
Changes to the data protection regulations are on the way for the European Union, and the fallout in Europe serves as a good case study for U.S. businesses.
- March 01, 2012
RSA Conference 2012 panelists discussed court rulings on liability for hacked bank accounts, and gave advice to security pros for protecting financial assets.
- December 20, 2011
Legislation is aimed at stopping piracy, but security professionals and industry groups say it could weaken security, hamper innovation and limit competition among small businesses and startups.
- July 06, 2011
FoxNews.com and PayPal UK Twitter accounts get hijacked by anonymous groups. Hackers took control of two prominent Twitter accounts recently, posting false messages to followers of the accounts of ...
- June 01, 2011
The bill would supersede state laws, and experts say it could help enterprises by setting one standard set of rules for breach notification.
- January 31, 2011
A study by the Ponemon Institute found that the average total cost of compliance is more than $3.5 million.
- July 28, 2010
Targeted, persistent attacks are supported by a great deal of automation and new functionality that is having little difficulty bypassing traditional security defenses and forensic investigations, two researchers revealed at the Black Hat Briefings.
- June 22, 2010
The PCI Security Standards Council will update the PCI Data Security Standard on a new three-year cycle after the latest update is applied in October.
- January 28, 2010
The official charged with enforcing the MA 201 CMR 17 data protection law says early reporting of potential breaches and cooperation will help firms avoid enforcement action.
- July 07, 2009
The success rate is as high as 90% for individuals born after 1989 in less populous states. Some data was gleaned from social networking sites.
- March 02, 2009
Do you know where your data is? The latest HIPAA changes should motivate healthcare security teams to understand information flows.
- February 13, 2009
Law now taking effect Jan. 1, 2010 would require any business collecting information on Massachusetts residents to encrypt sensitive data, protecting it from data leakage.
- February 05, 2009
The benefits of complete PCI and the necessity of full compliance are now being widely questioned, says Eric Ogren, principal analyst, The Ogren Group.