Is SWIFT now playing good cop/bad cop? While it initially promised to not police the financial services industry, it's now considering training auditors and suspending banks found to have poor information security practices.
HIPAA has long provided patients with the right to access their own "designated record set" of protected health information. But federal regulators are on a campaign to help patients and healthcare organizations understand records access rights, as well as the related privacy risks.
ISMG editors, in a special report, examine the status of data breach notification laws in a number of regions, including the European Union, which this past week implemented the General Data Protection Regulation, although enforcement won't take place for two years.
Since California passed its pioneering data breach notification law in 2003, many other states and some countries have followed suit. Here's a closer look at the status of breach notification requirements in four regions.
Troy Hunt, who runs one of the most prominent services for discovering if your data has been exposed in a breach, shares his thoughts on LinkedIn's recent breach and how his approach to disseminating data breach details continues to evolve.
Start preparing immediately for the EU's new General Data Protection Regulation - even though it doesn't go into force for two more years - because it mandates a number of new privacy and security requirements, warns cybersecurity expert Brian Honan.
The College of Healthcare Information Management Executives is calling on Congress to create financial incentives for healthcare providers to boost their cybersecurity. Leslie Krigstein of CHIME offers examples of potential incentives in this in-depth audio report.
LinkedIn failed to force all users to reset their passwords after a 2012 breach of at least 6.5 million credentials came to light. But it turns out the breach actually compromised 167 million accounts. Whoops.
Neither Australia nor New Zealand currently has laws on the books requiring organizations to notify people affected by data breaches. But both countries do say they are committed to introducing that requirement.
The manufacturers of wearable health devices should incorporate key privacy and security best practices into the R&D of their products, says privacy advocate Michelle De Mooy of the Center for Democracy & Technology, who describes recommendations in a new study.
In today's rapidly changing cyber threat environment, the federal government needs to take a lead role in making sure mobile device security is adequate, says security researcher Stephen Cobb, who analyzes ongoing investigations by the FTC and FCC in this audio interview.
A data breach notification service bought what appear to be 117 million username and poorly hashed passwords obtained via the 2012 breach of LinkedIn. That's a far cry from the 6.5 million stolen passwords that initially came to light.
A judge has declined to share details of a flaw exploited by the FBI - either in the Firefox browser or modified Tor version - during the course of a large child pornography investigation, saying Mozilla should deal directly with the U.S. government.
The U.S. Supreme Court this week sided with data aggregator Spokeo in a case dealing with when consumers can sue for privacy violations. The high court remanded the case to the Ninth Circuit Court of Appeals to examine the issue of whether the plaintiff was harmed when Spokeo published incorrect information about him.
America's cyber infrastructure is under constant attack, and damage to it could have significant consequences. But the presidential candidates haven't had much to say about the issue. At ISMG's Fraud and Breach Prevention Summit, a panel of experts will address how the next president should tackle cybersecurity.