A federal court recently dismissed a case filed by a patient alleging a laboratory violated HIPAA by failing to shield her personal health information from public view. The ruling once again reaffirmed a longstanding precedent that individuals cannot sue for alleged HIPAA violations.
Europe's General Data Protection Regulation is reshaping the way organizations handle data. That's going to have an impact on the sharing of threat intelligence. But the Anti-Phishing Working Group hopes the law will provide legal clarity that will make more organizations comfortable with sharing threat data.
The EU's GDPR is already having an impact on how organizations approach data breach detection and remediation, leading many to rely more strongly on security orchestration and automation, says Allen Rogers of IBM Resilient.
When communications giant Publicis Groupe launched its GDPR compliance project, CISO Thom Langford says, "it was more a case of honing and polishing, rather than building from the ground up," thanks to its existing information security management system and complying with ISO 27001.
Driven by the EU's General Data Protection Regulation and other regulations, as well as the move to the cloud, more organizations are turning to data classification to help them silo and protect their most sensitive information, says Tony Pepper, CEO of Egress.
When June arrives in the United Kingdom, that means it's time for the annual Infosecurity Europe conference in London. Here are visual highlights from this year's event, which featured 240 sessions, 400 exhibitors and an estimated 19,500 attendees.
The U.K.'s Dixons Carphone is investigating a data breach that resulted in the suspected exposure of 5.9 million payment cards and nonfinancial information for 1.2 million customers. The incident could become the first U.K. breach to fall under the EU's General Data Protection Regulation.
One day, organizations may be able to self-certify their GDPR compliance, says an official at the U.K.'s data privacy regulator. Regardless, experts recommend that organizations ensure they are focusing on continuous GDPR compliance and regularly testing their data breach response plans.
Leading the latest edition of the ISMG Security Report: Our exclusive report on an Australian criminal investigation into a company that apparently swiped cryptocurrency using a software backdoor. Also, cutting through the hype on artificial intelligence and machine learning.
What impact will an appellate court's ruling Wednesday that vacated the Federal Trade Commission's data security enforcement action against LabMD have on the agency's long-term enforcement activities? Regulatory experts are weighing in.
Since its inception the NIST Cybersecurity Framework has been embraced across geographies and sectors. Trend Micro's Ed Cabrera talks about how to maximize the framework as a baseline for improving cybersecurity posture.
LabMD, a now-defunct cancer testing laboratory, has won a major victory in its longstanding legal dispute with the Federal Trade Commission. A U.S. Court of Appeals on Wednesday vacated an FTC enforcement action against the lab in a data security dispute dating back to 2013.