Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.
The United States will soon officially have a single agency that takes the lead role for cybersecurity. Congress has passed legislation to establish the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security. The measure awaits President Trump's signature.
As CISOs, CIOs and privacy officers look for ways to boost the timely, secure sharing of healthcare information to improve treatment, one obstacle that potentially stands in the way is CFR-42 Part 2, a 1970s-era regulation. Dozens of healthcare organizations are pushing Congress to change that regulation.
Less than four months after GDPR enforcement began, Europe has arguably entered the modern data breach notification era. Reports of data breaches continue to increase, and breached organizations now face the specter of class-action lawsuits over material as well as non-material damages.
The Srikrishna Committee's recommendation in its draft of a data protection bill that foreign companies be required to only store domestically certain "critical" data of Indians is impractical and will not help prevent breaches.
U.S. President Donald Trump signed a presidential order on Wednesday that revokes a set of Obama-era guidelines for offensive cyber operations, The Wall Street Journal reports. The policy change may satisfy critics who contend the U.S. should be able to move faster, but it raises risks of escalating cyber conflict.
While California already had some of the strictest and most varied privacy laws in the country, the new California Consumer Privacy Act of 2018 "is a whole new ballgame," says privacy attorney Kirk Nahra, who explains why.
Leading the latest edition of the ISMG Security Report: CipherTrace CEO Dave Jevans discusses recent research on cryptocurrency money laundering and whether regulation is possible. Plus, California passes a new privacy law.
Privacy rights groups are calling on the Court of Justice of the European Union to clamp down on at least 17 EU governments that require domestic telecommunications firms to store all communications data, despite the court having ruled that such mass surveillance practices are illegal.
Starting Sept. 1, organizations in Colorado must notify victims of breaches of personal information - including health data - within 30 days of determination that a breach occurred. That's a tougher requirement than the HIPAA breach notification rule.
Congress is considering how to help beef up the healthcare sector's preparedness and response to cyber threats. But why is there so much confusion about the role of the Department of Health and Human Services?
There is a lot to say about the disorganized way most cyber incident claims are currently handled. Instead, adopting a project management approach will make better use of resources and lead to several benefits.
To this point, many incidents have traditionally been handled with a "lawyer-heavy" approach, but the...
We all know that May 25 was the enforcement deadline for Europe's General Data Protection Regulation. But what impact will General Data Protection Regulation have on cybersecurity programs?
GDPR, or the "Y2K" of our era, is part of a larger conversation that's been catalyzed by a lot of the recent news around...
We all know about May 25 and the enforcement deadline for Europe's General Data Protection Regulation. But what impact will GDPR have on cybersecurity programs? Danny Rogers of Terbium Labs weighs in on the topic.
The U.S. Federal Government wants its agencies to modernize their IT systems, primarily by maximizing the use of cloud platforms. But IT teams are finding this transformation challenging. Investing in IT modernization can lead to more agility, improved resilience and security and, in the long term, better citizen...