Tagged: cybersecurity

Cybersecurity Threats, Data Privacy and the Important Role of Compliance

Most compliance officers will admit that they have more than enough responsibilities in their purview. They are usually not looking for more. I have some bad or good news on this front, depending on your perspective. As companies struggle with cybersecurity and data privacy issues, they should naturally turn to compliance to play a larger role in overall risk mitigation strategies. Up to now, it...

The Obvious Partnership — Compliance and Cybersecurity

Cybersecurity compliance, like the compliance profession, is rapidly growing. The forces pushing cyber compliance are two-fold: the ever-increasing and changing nature of cyber threats and harms, and the logical application of compliance strategies. Compliance has to work closely with in-house corporate information technology. To the extent a company outsources information technology to a cloud provider, compliance will serve an even more important function in coordinating...

Planning for the Perilous Consequences of a Data Breach

The nightmare scenario for corporate boards and senior executives revolves around the impact of a major data breach. We have seen this firsthand, with Equifax, Anthem Healthcare, and Target as prime examples. In the Equifax case alone, it is estimated that approximately 140 million individuals had their information hacked in the attack. It is easy to understand, in these circumstances, that a company can...

Cybersecurity Compliance for Financial Institutions

The New York Department of Financial Services has adopted detailed cybersecurity regulations for financial institutions. The NYDFS has filled a vacuum created by the failure of the federal government to act in this important area. Congress has failed to enact any specific requirements; the federal government continues to rely on voluntary efforts and recommended standards. As long as this vacuum continues, state regulators and...

Cybersecurity: The Law and Regulatory Framework

Cybersecurity law is a patchwork of global statutes and regulations. Unfortunately, Congress has failed to act in this area, leaving the EU and US states to “lead.” As a result, companies are often required to follow the lowest (or highest) common denominator, depending on your perspective. At the US federal level, we have specific industries that have requirements for protecting sensitive personal information. The Health...