Information Management Today

Modified Draft CCPA Regulations: How They Impact Businesses

Data Breach Today

FEBRUARY 26, 2020

In an in-depth interview, privacy expert Caitlin Fennessy sorts through modified draft regulations to carry out the California Consumer Privacy Act that are designed to help businesses take a more pragmatic approach to privacy.

Privacy

FBI to Evaluate Bids to Delay Reporting Cybersecurity Events

Data Breach Today

DECEMBER 8, 2023

Regulators allow companies a pause of up to 60 business days and up to 120 business days for a substantial national security risk. SEC Says Large Companies Must Report Material Incidents to Investors as of Dec.

Cybersecurity

Cybersecurity Risk Security

Dragos Raises $74M to Advance OT Protection in Europe, Asia

Data Breach Today

SEPTEMBER 18, 2023

Money Will Address Enhanced OT Security Rules From Regulators, Insurance Providers Dragos completed a Series D extension to help organizations address enhanced OT security requirements from regulators and cyber insurance providers.

Insurance

Insurance Cybersecurity Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

BlackCat Gang Tattles to SEC About Victim Not Disclosing Breach

Data Breach Today

NOVEMBER 16, 2023

federal regulators about an alleged victim not disclosing a material cyberattack within four business days. Ransomware Group Says MeridianLink Didn't Tell SEC About Cyberattack Within 4 Days The BlackCat ransomware group tattled to U.S.

Ransomware

Ransomware IT

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Privacy

Second Front Raises $40M to Support More Classified Networks

Data Breach Today

NOVEMBER 28, 2023

Series B Funding Will Help Second Front Pursue US Civilian, International Business A vendor focused on fast-tracking government access to commercial software closed its Series B funding round to support more classified and regulated environments. Defense and National Security space.

Government

Government Access Security IT

ISMG Editors: Can Governments Get a Handle on AI?

Data Breach Today

OCTOBER 6, 2023

and Europe that could regulate AI, recent developments within the EU cybersecurity and privacy policy arena, and the disparities between the perspectives of business leaders and cybersecurity leaders on the security landscape.

Government

Government Cybersecurity Privacy Security

How the GDPR and NIS Regulations can help Cloud service providers win business

IT Governance

NOVEMBER 8, 2018

The EU GDPR (General Data Protection Regulation) and NIS Regulations (Network and Information Systems Regulations 2018) place an added emphasis on organisations’ ability to prevent data breaches and ensure that critical infrastructure remains operational in the event of disruption. Streamlining compliance.

GDPR

GDPR Cloud Compliance Data breaches

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants. Rising data privacy regulations underscores the need for such a capability, Boyle told me. This, in turn, has led to rising data privacy regulations. That could be about to change.

Privacy

Privacy Data Privacy GDPR Personal data

Rethinking Information Governance In The Age of Unstructured Enterprise Data

This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information such as: How to manage information across multiple sectors of the business. How to keep up with new regulations, while making the right decisions. How to promote IG leadership.

Information governance

The New Privacy Regulation That’s Sink-or-Swim for Small Business

Adam Levin

FEBRUARY 17, 2020

The California Consumer Privacy Act ( CCPA ) became law on January 1, 2020, and as was the case on the effective date of the General Data Protection Regulation (GDPR), the European Union’s similarly sweeping privacy legislation, it is being met with a general panic. Still others call it business as usual. What Is the CCPA?

Privacy

Privacy Compliance Personal data Sales

US: CPRA analysis: The ‘good’ and ‘bad’ news for CCPA-regulated ‘businesses’

DLA Piper Privacy Matters

MAY 11, 2020

1, 2023, and move California privacy law a bit further in the direction of the EU General Data Protection Regulation. Some good news for CCPA-regulated ‘businesses’ The CPRA would: Limit businesses’ liability for violations of the law by “third-party” businesses. Enforcement and fines.

Privacy

Privacy Unstructured data Access Data collection

SEC Votes to Require Material Incident Disclosure in 4 Days

Data Breach Today

JULY 26, 2023

federal market regulators adopted rules Wednesday that require publicly traded companies to disclose most "material cybersecurity incidents" within four business days of determining materiality. Rules Approved in 3-2 Party Line Vote, Will Take Effect in December for Large Firms U.S.

Marketing

Marketing Cybersecurity

The NIS Directive (NIS Regulations) – the UK law businesses need to know about

IT Governance

JULY 20, 2018

Although much of the focus in 2018 has been on ensuring compliance with the EU GDPR (General Data Protection Regulation) , another EU directive became UK law in May – the NIS Regulations (Network and Information Systems Regulations 2018). What are the NIS Regulations? Who does it apply to?

Compliance

Compliance GDPR Personal data Cloud

Best Practices for Modern Records Management and Retention

Speaker: Sean Baird, Director of Product Marketing at Nuxeo

Documents are at the heart of many business processes. Organizations in highly regulated industries are realizing that traditional records management practices are insufficient and ineffective in today’s digital world.

Records Management

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

The Last Watchdog

APRIL 1, 2024

The technology and best practices for treating cybersecurity as a business enabler, instead of an onerous cost-center, have long been readily available. The report, titled “ Embed Cybersecurity And Privacy Everywhere To Secure Your Brand And Business ,” argues for a paradigm shift.

Cybersecurity

Cybersecurity Privacy B2B Risk

At Half-Year Mark, Ransomware, Vendor Breaches Dominate

Data Breach Today

JULY 14, 2022

Latest Analysis of HHS OCR Health Data Breach Trends A little more than halfway into the year, hacking incidents, and especially ransomware incidents, as well as breaches involving business associates, are dominating the hundreds of major health data breaches affecting millions of individuals being reported to federal regulators.

Ransomware

Ransomware Data breaches

Best Practices Q&A: Guidance about what directors need to hear from CISOs — from a board member

The Last Watchdog

APRIL 8, 2024

LW: What are fundamental steps CISOs can take to start to think and act strategically and communicate more effectively Pigueros: First, they need to understand the business including financials, customer concerns, product deficiencies and any macro level issues and how they are impacting the business.

Compliance

Compliance Cybersecurity Risk Mining

Marriott and BA's Reduced Privacy Fines: GDPR Realpolitik

Data Breach Today

NOVEMBER 3, 2020

Final Fines Set Precedent, Avoid Court Cases, Likely Reflect EU Penalty Benchmarks Large, recently levied privacy fines against the likes of British Airways, H&M and Marriott show regulators continuing to bring the EU's General Data Protection Regulation to bear after businesses get breached.

Privacy

Privacy GDPR

CIPL Releases White Paper on Accountable AI Best Practices

Hunton Privacy

FEBRUARY 23, 2024

Organizations recognize the need to demonstrate AI accountability as a business imperative, especially as the expectations of consumers, business partners, shareholders and regulators around responsible AI use continue to grow. Tone from the top” is crucial for responsible AI programs.

Paper

Paper Government Risk Information Security

Discord Fined by French CNIL for GDPR Violations

Data Breach Today

NOVEMBER 17, 2022

Video Streamer Pays 800,000 Euros to Settle Probe of Privacy and Security Practices The French data protection authority fined Discord 800,000 euros for privacy and security practices that violate the General Data Protection Regulation.

GDPR

GDPR Personal data Privacy Security

CPPA Issues Draft CPRA Regulations on Risk Assessment and Cybersecurity Audit

Hunton Privacy

AUGUST 29, 2023

On August 29, 2023, the California Privacy Protection Agency (“CPPA”) Board issued draft regulations on Risk Assessment and Cybersecurity Audit (the “Draft Regulations”). The CPPA Board will discuss the Draft Regulations during a public meeting on September 8, 2023.

Risk

Risk Cybersecurity Artificial Intelligence Privacy

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

The Last Watchdog

FEBRUARY 11, 2024

It seems every day we hear of another breach, another scam, another attack on anything from a small business to a critical aspect of our nation’s infrastructure. From identity theft to greater oversight on risk management, internal IT teams will be taking the brunt of these incoming regulations. The list goes on.

Risk

Risk IT Financial Services Cybersecurity

$8 million penalty to NYDFS – and another case of over-retention

Data Protection Report

JANUARY 18, 2024

On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its virtual currency regulations.

Cybersecurity

Cybersecurity Financial Services Compliance Encryption

SEC’s Cybersecurity Disclosure Rules Are Here. Is Your Company Ready to Comply?

Data Matters

SEPTEMBER 28, 2023

And, as their cyber risk skyrockets, the SEC has stepped in with new regulations, telling businesses what to disclose about these incidents — and requiring detailed disclosures on cyber risk management more broadly. The post SEC’s Cybersecurity Disclosure Rules Are Here.

Cybersecurity

Cybersecurity Compliance Risk Privacy

Artificial Intelligence (Regulation) Bill: UK Private Members’ Bill underscores wide-spread regulatory concerns

Data Protection Report

NOVEMBER 28, 2023

A Private Members’ Bill, the Artificial Intelligence (Regulation) Bill (the Bill ), has been introduced into House of Lords (the UK’s upper House of the UK Parliament) and is currently at the second Parliamentary stage. The establishment of an AI Authority by separate regulations. Criminal offences, penalties and fines.

Artificial Intelligence

Artificial Intelligence Risk Government Paper

SEC Delays Final Rules on Breach Disclosure, Board Expertise

Data Breach Today

JUNE 20, 2023

Delay Comes Amid Criticism of Rule Requiring 4-Day Disclosure of Material Incidents Federal market regulators delayed until October a decision on rules mandating private sector disclosure of cybersecurity incidents and cyber expertise on public boards.

Cybersecurity

Cybersecurity Marketing

GUEST ESSAY: JPMorgan’s $200 million in fines stems from all-too-common compliance failures

The Last Watchdog

JANUARY 13, 2022

Commodity Futures Trading Commission (CFTC) fine against JPMorgan sent shockwaves through financial and other regulated customer-facing industries. Without a responsible business communication platform for these conversations to flow through, customer requests and discussions live only on employees’ personal devices.

Compliance

Compliance Customer Experience Communications Archiving

Lawmakers Weigh Laws Proposed in Biden's Cyber Strategy

Data Breach Today

MARCH 24, 2023

House subcommittee got their first look at the Biden administration's new National Cybersecurity Strategy and quizzed the White House cybersecurity director on the timeline, proposed regulations and incentives for private businesses.

Cybersecurity

California Privacy Protection Agency Publishes Draft Regulations on Automated Decisionmaking Technology

Hunton Privacy

NOVEMBER 27, 2023

On November 27, 2023, the California Privacy Protection Agency (“CPPA”) published its draft regulations on automated decisionmaking technology (“ADMT”). Under the proposed regulations, individuals also can exercise a right to access information about a business’s use of ADMT.

Privacy

Privacy Artificial Intelligence Access IT

Balancing Security + Compliance

Jamf

JANUARY 24, 2024

Learn about the basics of compliance in cybersecurity and why it is a crucial component of your organization’s security posture.

Compliance

Compliance Security Cybersecurity Risk

The New Cybersecurity Landscape: What the NYDFS Regulations Really Mean for Your Business

Hunton Privacy

MARCH 7, 2017

Sotto on the new cybersecurity regulations from the New York State Department of Financial Services (“NYDFS”). The NYDFS regulations will impose significant cybersecurity requirements on impacted businesses that will dictate how they plan for, respond to, and recover from data security events. Join Lisa J.

Cybersecurity

Cybersecurity Financial Services Privacy Security

Transitioning to a Fully Digital Government

National Archives Records Express

APRIL 25, 2024

While NARA recently published 36 CFR 1236 providing instructions to digitize paper records, this regulation should not be used to continue paper-based business processes. Agencies should review their business processes, specifically identifying those that still involve paper records.

Government

Government Computer and Electronics Paper Metadata

News alert: Beazley reports on how AI, new tech distract businesses as cyber risk intensifies

The Last Watchdog

JULY 13, 2023

The data shows how perceptions around cyber and technology risks, from ransomware and other cyber-attacks to the threats posed by AI, are changing the global business risk landscape. The economic impact of cybercrime on business across the globe continues to reach new levels, with the cost predicted to reach US$10.5

Risk

Risk Insurance Energy and Utilities Marketing

Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

Krebs on Security

OCTOBER 1, 2020

The Federal Bureau of Investigation (FBI) and other law enforcement agencies have tried to discourage businesses hit by ransomware from paying their extortionists, noting that doing so only helps bankroll further attacks. But in practice, a fair number of victims find paying up is the fastest way to resume business as usual.

Ransomware

Ransomware Insurance Risk Government

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DLA Piper Privacy Matters

AUGUST 8, 2023

Authors: Carolyn Bigg, Amanda Ge and Venus Cheung On July 24, 2023, the People’s Bank of China (“ PBOC ”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“ Draft Measures” ) for public consultation, which closes on August 24, 2023.

Financial Services

Financial Services Personal data Compliance Data collection

Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

APRIL 26, 2024

Emerging threats Cybercrime often exploits precisely the lack of regulation and centralized controls of cryptocurrencies to deceive investors and embezzle funds through various forms of phishing, investment scams, digital wallet theft, ransomware, and illegal mining.

Education

Education Mining Encryption Cybersecurity

How Much Will CMMC 2.0 Compliance Really Cost?

Daymark

MARCH 12, 2024

Many companies are currently evaluating how they might fund initiatives necessary to move their businesses towards compliance with the Cybersecurity Maturity Model Certification (CMMC). When businesses suffer a cyberattack and cannot afford the cost to recover, they often go bankrupt. 5 Phases for Cybersecurity Compliance

Compliance

Compliance Cybersecurity GDPR Government

META hit with privacy complaints by EU consumer groups

Security Affairs

MARCH 4, 2024

Consumer groups assert that Meta is not adhering to various rules established by the European privacy regulation GDPR: Fair Processing (Article 5(1)(a)): Personal data must be processed lawfully, fairly, and transparently. The European Consumer Organization strongly opposes Meta’s business model for data collection and processing.

Privacy

Privacy GDPR Personal data Data collection

AIIM Comments on AI Accountability

AIIM

JULY 18, 2023

Governments around the world have started the arduous process of developing regulations and standards for artificial intelligence. Information management is not an insular profession and it's most successful in an organization when it's focused outward on the needs of stakeholders and business outcomes.

Artificial Intelligence

Artificial Intelligence Government IT

Data Security Trends: 2024 Report Analysis

Thales Cloud Protection & Licensing

MARCH 24, 2024

Data Security Trends: 2024 Report Analysis madhav Mon, 03/25/2024 - 05:08 Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture. Alarmingly, 16% admitted to hardly classifying any of their data.

Security

Security Artificial Intelligence IoT Compliance

New SEC Rules Will Do More Than Result in Quick Breach Reporting

KnowBe4

DECEMBER 5, 2023

organizations (and foreign entities doing business in the U.S.) that must follow SEC regulations. Security & Exchange Commission (SEC) announced several new cybersecurity rules , taking affect mid-December 2023, that will significantly impact all U.S.

Cybersecurity

Cybersecurity Security Ransomware

Calculating Materiality for SEC Rule 1.05

KnowBe4

FEBRUARY 9, 2024

of the 8-K, requires that all regulated companies report significant cybersecurity breaches within four business days of determining that the incident was “material”. Securities and Exchange Commission (SEC), through a new requirement of Item 1.05

Cybersecurity

Cybersecurity Security Ransomware

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Dark Reading

OCTOBER 6, 2023

Try these steps to create an operational resilience action plan that will satisfy financial regulators and help sustain business without disruption.

Modified Draft CCPA Regulations: How They Impact Businesses

FBI to Evaluate Bids to Delay Reporting Cybersecurity Events

Webinars

Trending Sources

Dragos Raises $74M to Advance OT Protection in Europe, Asia

Webinars

BlackCat Gang Tattles to SEC About Victim Not Disclosing Breach

Privacy without borders: Reality or Fantasy?

Second Front Raises $40M to Support More Classified Networks

ISMG Editors: Can Governments Get a Handle on AI?

How the GDPR and NIS Regulations can help Cloud service providers win business

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

Rethinking Information Governance In The Age of Unstructured Enterprise Data

The New Privacy Regulation That’s Sink-or-Swim for Small Business

US: CPRA analysis: The ‘good’ and ‘bad’ news for CCPA-regulated ‘businesses’

SEC Votes to Require Material Incident Disclosure in 4 Days

The NIS Directive (NIS Regulations) – the UK law businesses need to know about

Best Practices for Modern Records Management and Retention

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

At Half-Year Mark, Ransomware, Vendor Breaches Dominate

Best Practices Q&A: Guidance about what directors need to hear from CISOs — from a board member

Marriott and BA's Reduced Privacy Fines: GDPR Realpolitik

CIPL Releases White Paper on Accountable AI Best Practices

Discord Fined by French CNIL for GDPR Violations

CPPA Issues Draft CPRA Regulations on Risk Assessment and Cybersecurity Audit

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

$8 million penalty to NYDFS – and another case of over-retention

SEC’s Cybersecurity Disclosure Rules Are Here. Is Your Company Ready to Comply?

Artificial Intelligence (Regulation) Bill: UK Private Members’ Bill underscores wide-spread regulatory concerns

SEC Delays Final Rules on Breach Disclosure, Board Expertise

GUEST ESSAY: JPMorgan’s $200 million in fines stems from all-too-common compliance failures

Lawmakers Weigh Laws Proposed in Biden's Cyber Strategy

California Privacy Protection Agency Publishes Draft Regulations on Automated Decisionmaking Technology

Balancing Security + Compliance

The New Cybersecurity Landscape: What the NYDFS Regulations Really Mean for Your Business

Transitioning to a Fully Digital Government

News alert: Beazley reports on how AI, new tech distract businesses as cyber risk intensifies

Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

Cryptocurrencies and cybercrime: A critical intermingling

How Much Will CMMC 2.0 Compliance Really Cost?

META hit with privacy complaints by EU consumer groups

AIIM Comments on AI Accountability

Data Security Trends: 2024 Report Analysis

New SEC Rules Will Do More Than Result in Quick Breach Reporting

Calculating Materiality for SEC Rule 1.05

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Stay Connected