Posts Tagged ‘corporate governance’

FTC’s COPPA Report Recommends Larger Penalties and More Education

Monday, March 5th, 2007

The February 2007 FTC Report to Congress, “Implementing the Children’s Online Privacy Protection Act” (COPPA), provides a good look at how numerous organizations have complied, and failed to comply, with this law designed to protect the privacy of children under 13 years of age.

(more…)

Email Smack Down: Morgan Stanley Charged by NASD with Purposefully Withholding Emails

Thursday, December 21st, 2006

Today it was widely reported, including on Computerworld, that Morgan Stanley claimed millions of their emails requested for arbitration were destroyed during the 9/11 terrorist attacks. The National Association of Securities Dealers (NASD) accused Morgan Stanley of in fact having the emails on backup media the entire time.

(more…)

PCAOB Formally Proposes New Auditing Standard for Section 404 of SOX

Wednesday, December 20th, 2006

Yesterday the SEC issued a press release regarding a Public Company Accounting Oversight Board (PCAOB) proposal for a new auditing standard for Section 404 of the Sarbanes-Oxley (SOX) Act. The goal of the proposal is to strengthen investor protection while getting rid of what is referred to as the “unduly expensive and inefficient auditing standard under Section 404.”

(more…)

Data Ransom Story: Crooks Targeting Small Businesses and Individuals

Tuesday, December 19th, 2006

Yesterday USA Today ran a report, “Cybercrooks hold PC data captive.”
This is nothing new; I blogged about this type of ransom scheme earlier this year. The crooks are getting more creative.

(more…)

Demystifying Privacy Laws: What You Need to Know to Protect Your Business

Friday, June 30th, 2006

We are undergoing a data protection renaissance. New laws have considerably expanded corporate obligations regarding security and privacy for information in all forms. One significant obligation under these laws applies to basically all organizations: the duty to provide reasonable security for all corporate information. Bottom line, nearly all organizations have some legal obligation to establish effective information security programs. It is important to realize that in most cases there are no hard and fast rules regarding which specific security measures a company should implement to satisfy its legal and privacy law obligations. In this podcast I discuss what you need to know to protect your business when trying to comply with the multitude of privacy laws, and I describe a unified, process-oriented best practice approach organizations can use to address the requirements of laws such as HIPAA, GLBA, Canada’s PIPEDA, and the EU Data Protection Directive, among many, many others.



MP3: Rebecca Herold – Demystifying Privacy Laws: What You Need to Know to Protect Your Business

Information Security and Privacy Professionals MUST Work Together to be Successful

Tuesday, June 6th, 2006

A few weeks ago I discussed the need for Information Security and Privacy professionals to work together to be successful. Yesterday I posted a new podcast that expands upon this topic, and in it I also describe 14 business trends that information security and privacy professionals must collaborate with each other to address. If you get a chance to listen, please let me know what you think!



MP3: Rebecca Herold – Information Security and Privacy Professionals MUST Work Together to be Successful