Medical records theft from NFL team’s trainer could violate HIPAA

Late last month, the NFL Players Association informed its member teams that a Washington Redskins trainer's laptop containing players' medical records was stolen and that it would collaborate with the U.S. Department of Health and Human Services to determine possible patient privacy violations....
PCI DSS 3.2 multifactor requirement among the version’s biggest changes

Details surrounding the updated Payment Card Industry Data Security Standard show that version 3.2 includes new multifactor authentication and encryption requirements. Also in recent GRC news: SEC enforcement actions -- or the lack of them -- are raising concerns about the agency's ability to...
Apple, FBI face off in iPhone backdoor debate

This week, Apple chief Tim Cook said in a letter to the company's customers that it won't give in to the FBI's demand to create an iPhone backdoor....
Repeat HIPAA violators face minimal ramifications

Despite several HIPAA violations, recent data analysis found U.S. healthcare providers such as CVS and the VA face few punitive actions. Also in recent GRC headlines: Companies have two more years to meet the TLS requirement under PCI DSS, and experts foresee big changes ahead for the FCPA's...
New York proposes banking rules to block terrorism funding

The governor of New York has introduced new state banking rules designed to curb money laundering and block terrorism funding. Also in recent GRC news: Most healthcare organizations lack HIPAA-compliant messaging apps; the Fed adopts stricter bailout measures; and a former SEC commissioner says the...
Fed Chair says regulatory compliance problems persist at large banks

In recent regulatory compliance news, the Federal Reserve Chairwoman testified before a House panel that very large U.S. banks still experience "substantial" GRC management failures; recent research casts doubt...
Goldman Sachs faces $50 million fine to settle document leak case

This week, Goldman Sachs agreed to pay a $50 million fine to settle a case in which a former employee leaked confidential information from the New York Fed. Also in the news: Bristol-Myers Squibb and other pharma companies face foreign bribery probes; a study found that earnings misstatements are...
What’s compliance worth to the business?

In part one of this blog post, we unpack the drivers behind the surge of demand on compliance investments and skilled staff, including new agencies that...
As regulatory wave swells, boards put new focus on compliance functions

Boards of directors are increasingly seeing the value of regulatory compliance, as the past year has seen a worldwide spike in compliance spending and the hiring of skilled compliance staff, according to data collected...
Fitbit achieves HIPAA compliance, targets more corporate customers

Wearable fitness tracker company Fitbit recently announced that its devices are now HIPAA-compliant, broadening the types of businesses it aims to work with. Also in recent GRC news: CFOs report widespread earnings misrepresentation; SEC proposed changes to its administrative...