Tag Archives: compliance

Final phase of Mass. data protection law kicks in March 1

All companies storing personal data on Massachusetts residents have just over a month to ensure that their contractors, suppliers, technology providers and other third parties comply with a provision of a state data breach law that went into effect in March 2010.

via Final phase of Mass. data protection law kicks in March 1.

uPromise and FTC

The FTC alleged that after the personalized offers feature was enabled, extensive information was collected from the user and transmitted to Upromise, including the names of all websites visited, all links clicked by the user and information that users entered into certain web pages, such as usernames, passwords, search terms, credit card information, expiration dates, security codes and social security numbers. The FTC alleged that there was no way a user would be able to detect the extent of the data being collected by the Upromise software without special software and technical expertise.

via Privacy & Security Matters | Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney.

2012 Security Spending To Hold Strong

For 2012, 37% of information security professionals say their business plans to increase its security spending, while only 16% expect their security spending to decrease. The top drivers for spending increases are to address compliance, mobile devices, and data loss prevention.

via 2012 Security Spending To Hold Strong – Security – Security administration/management – Informationweek.

The (EMV/Contactless) World According To Visa « PCI Guru

The PCI SSC stated that while Visa is not requiring merchants to file a ROC or AOC, the merchant still has to ensure that it is PCI DSS compliant. This means that the merchant still must go through the PCI compliance assessment process of a ROC or respective SAQ to ensure that their controls are functioning properly.

via The (EMV/Contactless) World According To Visa « PCI Guru.

Agency to deliver shared governance, risk compliance service

CenITex, the Victorian Government’s shared services IT agency, will adopt a new IT governance, risk and compliance (ITGRC) package to improve its information security function.

via Agency to deliver shared governance, risk compliance service.

VMware’s CP&C releases free Compliance Checker tool

The Compliance Checker runs an assessment on ESX/ESXi hosts managed by vCenter.

The assessment is based on a predefined subset of 29 of the vSphere 4.1 Security Hardening Guide rules and is run against the first 5 ESX/ESXi hosts found on the target vCenter.

via VMware: VMware Security & Compliance: VMware’s CP&C releases another free Compliance Checker!.

Google Apps and Google App Engine complete SSAE-16 audit

One of the ways our customers can be assured their data is protected is through third-party audits and certifications. Since 2008, Google Apps has successfully undergone annual SAS 70 Type II audits. This year the SAS70 Type II audit has evolved into the SSAE 16 Type II attestation and its international counterpart, ISAE 3402 Type II. We’re happy to announce that Google is one of the first major cloud providers to be certified for compliance to these new audit standards.

via Official Google Enterprise Blog: Security First: Google Apps and Google App Engine complete SSAE-16 audit.

OCR Deciding Whether To Run HIPAA Audits on Business Associates – iHealthBeat

An official at HHS Office for Civil Rights says the agency has not decided whether to include business associates in its HIPAA-compliance audit plans, HealthLeaders Media reports.

via OCR Deciding Whether To Run HIPAA Audits on Business Associates – iHealthBeat.

AHA urges changes to proposed rule for PHI disclosures

The Department of Health and Human Services should not require hospitals and other entities covered by the Health Insurance Portability and Accountability Act to provide to individuals on request a report detailing all internal disclosures of their personal health information from electronic designated record sets, the AHA told the department in a letter today. AHA said the proposal, included in a proposed rule modifying the HIPAA privacy rule under the HITECH Act, fails to meet the law’s requirement to “appropriately balance the relevant privacy interests of individuals with the substantial burdens on covered entities, including hospitals.” The association urged HHS to withdraw the proposal and “reissue a request for information aimed at better reflecting the statutory requirements, the technological realities, and better alignment of the regulation’s effectiveness with the compliance burdens.” While generally endorsing the rule’s proposed accounting of disclosures revisions, AHA urged additional changes to ensure a proper balance of the value of the information to patients with the burdens to covered entities of producing it. AHA also urged HHS to retract the rule’s preamble commentary about the HIPAA security rule in order to reflect longstanding department guidance.

via AHA urges changes to proposed rule for PHI disclosures.

Free tool to find Credit Card numbers for #PCI Compliance

ControlCase Data Discovery enables large and small businesses and organizations to find credit and debit card information that could be stored in their systems in violation of the Payment Card Industry (PCI) Data Security Standard (DSS). Finding credit card data is one of the key and initial steps needed for compliance.

via ControlCase Data Discovery » Downloads.