Voting in the United States carries a huge privacy cost: states give away or sell voters' personal information to anyone who wants it. In this era of content micro-targeting, rampant misinformation and identity theft schemes, this trade in voters' personal data is both dangerous and irresponsible.
Although the EU's General Data Protection Regulation only went into full effect on May 25, its mandatory privacy breach notifications are already having an effect on the cyber insurance marketplace, says Thomas Clayton of Zurich Insurance.
Organizations that don't properly guard their employees' healthcare data and violate HIPAA privacy standards are liable for large fines and often suffer significant brand damage and other negative consequences.
If hackers break into a healthcare company's systems, or an employee leaves a laptop in a coffee shop or...
Certain cloud security solutions will protect you today but which are best designed for the future?
Download this checklist to determine how ready your cloud security solution is to meet the challenges of the Vanishing Perimeter and deliver always-on, everywhere protection.
This week's edition of the ISMG Security Report features an analysis of whether the U.K.'s fine of Facebook for the Cambridge Analytica scandal is just the beginning of regulatory enforcement action. Plus: A potential settlement of Yahoo breach lawsuit and tips on securing data in the cloud.
Unused or unmonitored SSH keys grant alarming levels of privileged access beyond users, proliferating into your machine-to-machine communications and services. Learn how securing your SSH inventory beyond your PAM solution helps compliance with NIST, FISMA, and CDM along with five steps you can take today to...
A key amendment to Canada's Personal Information Protection and Electronic Documents Act goes into effect on Nov. 1. What are the baseline standards for compliance, and how does this change impact risk transfer and mitigation?
While PIPEDA is not a new law and been on the books for a long time, what is coming is...
To comply with GDPR, Facebook has notified Ireland's data privacy watchdog about the massive breach it has suffered, resulting in 50 million accounts being exposed. But Irish authorities have signaled that Facebook has failed to share all of the information they would have expected to see.
Breached businesses in Europe: Brace for more class action lawsuits seeking material and non-material damages filed by victims following mandatory data breach notifications under GDPR, says attorney Jonathan Armstrong. He predicts more breach-related suits will succeed in Europe than in the United States.
Massive, well-resourced companies are still using live customer data - including their plaintext passwords - in testing environments, violating not just good development practices but also privacy laws. That's yet another security failure takeaway from last year's massive Equifax breach.
Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.
Attorney Elizabeth Harding clears up confusion about certain provisions of the EU's General Data Protection Regulation, including the issue of when organizations need to obtain a European consumer's consent to process their data.
The cyberthreat landscape is rapidly changing. As attacks continue to increase in volume and sophistication, agency defenses also must evolve.
In order to do so, many agencies are moving toward a more holistic, analytics-driven approach to security. By gaining an end-to-end view of what's happening inside an agency...