Subscribe To Our Daily Enewsletter:


Cybersecurity breaches, attacks, data and customer privacy issues involving compliance regulations like HIPAA, PCI, Sarbanes-Oxley and more.

Does Yahoo’s SEC Cyber Disclosure Settlement Set Enforcement Bar?

The SEC’s recent $35 million settlement over the Yahoo! data breach provides an object lesson in the consequences of failing to publicly disclose a major cyberattack.

Colorado Law Tightens Data Breach Notification Rules

Colorado Gov. John Hickenlooper has substantially tightened reporting requirements for organizations hit by a data breach and firmed up measures to protect consumers’ confidential information.

M&A and Cyber Diligence: New York’s DFS Issues a Reminder

Financial services & insurance companies with New York ties must look beyond their own data cybersecurity practices when considering M&A, Patterson Belknap explains.

Cambridge Analytica and Facebook: Latest Lessons for Enterprise

The Facebook and Cambridge Analytica data story offers timely lessons for leaders and practitioners in the security, risk and assurance communities. ISACA explains.

Privacy, Compliance or Breach Laws: Indifference Doesn’t Pay Off

Regulatory environments across the globe are changing to enforce data security, with a focus on data breach response. Here’s what to seek in a partner.

Georgia Crime Bill: Putting White Hat Hackers, Vulnerability Threat Hunters at Risk?

Cybersecurity specialists, computer scientists, business owners, academics & students urge Georgia Governor Nathan Deal to veto a hacking crime bill they say will hamper white hat researchers from uncovering security flaws.

Canada Imposes New Data Breach Reporting Regulations on Organizations

Canadian organizations will soon be obliged to meet minimum reporting requirements following a personal data breach, the country’s federal government said.

GDPR Assessment Provides Customized Guidance

ISACA’s GDPR Assessment helps users and their enterprises identify gaps in their GDPR readiness, and offers guidance on how to resolve those gaps.

How to Avoid A Compliance Breakdown

If you want your car to last, you must embrace regularly scheduled service. The same is true of any compliance program, whether it be the PCI Data Security Standard, the forthcoming GDPR or ISO 27001 certification.

Education Department Threatens to Pull Funding for Non-Compliance

U.S. Department of Education (ED) guidance threatens to “yank” Title IV funding for post-secondary institutions lacking appropriate data security safeguards.