Group items tagged

The U.S. Supreme Court Monday accepted an appeal by several groups that brought a constitutional challenge to the Public Company Accounting Oversight Board created by 2002 changes in federal accounting laws. The free-enterprise groups and a Nevada accounting firm sued to stop the Securities and Exchange Commission from naming members of the accounting board, set up by Congress to oversee public-company accountants. "In creating the board, Congress deliberately sought to test the outer boundaries of its ability to reduce presidential power," the groups said in the appeal. The groups, in their lawsuit, claimed the U.S. Constitution required board members to be appointed by the president or the SEC chairman, rather than the entire commission for the securities agency. The Supreme Court's decision to hear the appeal breathes new life into the case, which didn't get much traction in lower courts. The U.S. Solicitor General's office, in court briefs, had urged the high court to reject the appeal, calling it a "poor vehicle" to resolve the constitutional issues raised by the challengers. "The president's control over the SEC is constitutionally sufficient and the act in turn grants the SEC complete and pervasive control over every aspect of the board's authority," Solicitor General Elena Kagan wrote. A U.S. federal judge dismissed the lawsuit in 2007 and the Washington-based U.S. Federal Circuit Court of Appeals also rejected the challenge in a 2-1 decision last year. The private, nonprofit board is charged with inspecting and disciplining public company accountants. The case is the Free Enterprise Fund vs. the Public Company Accounting Oversight Board, 08-861. Oral arguments will be held in the fall, and a decision is expected by July 2010.

An insurance company seeking to challenge the authority of Canada's privacy legislation and the privacy commissioner in an auto injury case will have to go to the Federal Court to make its case, the New Brunswick Court of Appeal has ruled. In State Farm Mutual Automobile Insurance Company v. Privacy Commissioner of Canada and Attorney General Canada, State Farm argued that Canada's privacy regime does not apply to surveillance tapes the insurer commissioned following a motor vehicle accident in 2005. In March 2005, Jennifer Vetter, insured by State Farm, was involved in a motor vehicle collision with Gerald Gaudet. State Farm subsequently hired a lawyer in anticipation of litigation by Gaudet against Vetter. The insurer also hired private investigators that conducted video surveillance on Gaudet. Gaudet filed a request under Canada's privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), that State Farm turn over to him the personal information it had compiled, including copies of the surveillance reports and tapes. State Farm went to the New Brunswick Court of Queen's Bench asking for "declaratory" relief on several issues. Among other things, the insurer asked for a court order declaring that PIPEDA did not apply to information obtained in a bodily injury damages claim. It also asked the court for an order confirming that the privacy commissioner had no right or authority to compel State Farm to turn over the documents. The privacy commissioner asked for a stay of proceedings in the New Brunswick court, arguing that the authority of the privacy commissioner was a matter for the Federal Court (which has jurisdiction over federal legislation such as the PIPEDA). The New Brunswick Appeal Court noted both the provincial and federal courts have jurisdiction to hear cases about the constitutionality of federal legislation. But only the Federal Court could determine the outcome of a direct challenge to the authority of the p

70 percent of UK risk managers have declared that making sure the employees in their organization are risk savvy is their biggest challenge in light of new pitfalls according to research conducted by Aon. "The risks companies are facing, such as increased company insolvencies, less access to credit and increased levels of fraud, need to be dealt with by employees throughout the organization rather than just at senior management levels," said the bulletin. According to the survey of UK businesses the key risk management challenges they face in 2009 are: -- Embedding ERM in the culture of the organization 70 percent -- Keeping 'risk registers' real and relevant 47 percent -- Making the link between ERM and strategic planning processes 34 percent -- Gaining senior executive sponsorship 19 percent -- Making business continuity plans relevant to line managers 13 percent -- Credit rating agency scrutiny of ERM 6 percent Alex Hindson, head of enterprise risk management at Aon Global Risk Consulting commented: "When the markets are literally crashing down around us and we don't know what is just around the corner it is extremely tempting to focus just on the problems of today, rather than look at the issues and factors that are going to help us survive tomorrow, but this short term view can often be counter-productive.

Proof that George Bush was actually protecting us by limiting access to government information!

At the National Archives and Records Administration's annual conference Thursday, one keynote speaker asked the crowd of several hundred how many of the archivists in attendance were sold on the use of social media. Only a smattering raised their hands. Clearly, it's a challenge for the government to figure out how to navigate complex archival and e-discovery regulations that require it to capture and store all sorts of new content in the age of social media, cloud computing, and seemingly endless storage. "The federal government is in a constantly evolving records environment," Adrienne Thomas, acting archivist of the United States, said in a luncheon speech to the conference. "These are exciting and challenging times." Obama administration ambitions toward cloud computing and more openness only make that issue more complicated. "Many of us in the federal records administrations have struggled with the implications of this new direction," Paul Wester, director of modern records programs at the National Archives, said in an interview. "We deeply believe in transparency and openness, but we are concerned about FOIA, HIPAA, the Privacy Act, personally identifiable information, and compliance with the Disability Act and Federal Records Act."

With increasing dependency on information systems and advances in cloud computing, the smart grid and mobile computing, maintaining the confidentiality and integrity of citizens' personally identifiable information is a growing challenge. A new draft document from the National Institute of Standards and Technology (NIST) addresses that challenge by adding privacy controls to the catalog of security controls used to protect federal information and information systems.

Rarely is the response to a new government initiative a unanimous round of "thumbs up," but so far that seems to be the case regarding yesterday's (April 9) announcement that The Defense Department and the Department of Veterans Affairs will collaborate on building an electronic database of administrative and medical information for U.S. servicemen and women. Since developing a broad electronic health records (EHRs) initiative is a prominent feature of the Obama Administration's economic stimulus plan, it makes sense to start (or at least focus) on a defined segment of the population -- current and past military personnel. But, apart from the specific technology, architecture and technical administration aspects of this program, there will be other challenges in pursuing the goal of EHRs for the military -- challenges that insurance technology executives know only too well. These include collaboration among different and sometimes competing interests (in this case, the Department of Defense (DOD) and the Department of Veterans Affairs (VA), which historically have not worked together as closely as one might imagine); and concerns about privacy and security. In fact, the ways in which the military EHRs initiative addresses the privacy issue could provide some interesting best practices (or actions to avoid) for private-sector players. "Currently, there is no comprehensive system in place that allows for a streamlined transition of health records between DOD and the VA," President Barack Obama said at yesterday's announcement, "and that results in extraordinary hardship for an awful lot of veterans who end up finding their records lost, unable to get their benefits processed in a timely fashion. And that's why I'm asking both departments to work together to define and build a seamless system of integration with a simple goal: When a member of the Armed Forces separates from the military, he or she will no longer have to walk paperwork from a DOD

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

As if you needed another sign that times are tough, here's a fairly reliable measure: The number of cases handled by the advertising industry's best-kept secret -- self-regulation -- are on the rise. Last year the National Advertising Division of the Council of Better Business Bureaus handled 214 cases, up 22% from 2007. And in 2008 ad challenges, in which one advertiser challenges a competitor's claim, rose 31% to 81 cases. Why the increased activity? It's a deadly fight for share of market out there, and in down times advertisers tend to revert to hard-hitting comparative advertising. NAD's purpose is to substantiate these kinds of attack ads, and it can do it faster and cheaper than litigation can. The Federal Trade Commission seems to like the idea of letting advertisers settle their own disputes. When the National Advertising Review Council, the body that sets the policies and procedures for the NAD to enforce, started 38 years ago, then-FTC Chairman Bob Pitofsky wasn't an early convert. "If the truth be known," he said 10 years ago, "there was some skepticism about how the whole thing would work. The FTC had been burned time and time again by unkept promises of self-regulation by other industries. But this group has proved the skeptics wrong. Today, advertising has the best self-regulatory system of any industry in the country." The outgoing chairman of the FTC, William Kovacic, is also a fan. But the current crop of FTC commissioners don't seem as convinced, although they seem somewhat willing to give self-regulation a chance. In issuing guidelines for online behavioral advertising, FTC Commissioner Jon Leibowitz said the industry needs to do a better job of "meaningful, rigorous self-regulation, or it will certainly invite legislation by Congress and a more regulatory approach by our commission."A joint industry task force quickly seized on that statement as an endorsement for self-regulation, and said it supported FTC's goal of a "comprehensive and eff

Did we need more proof that a chain is only as strong as its weakest link?

A secure Web mail company that challenged hackers to break into the company's Web mail system is paying out a US$10,000 prize, just days after launching the contest. A team of hackers managed to hack into StrongWebmail CEO Darren Berkovitz's Web mail account, using what's known as a cross-site scripting (XSS) attack, the company confirmed Monday. "They did it using an XSS script that took advantage of a vulnerability in the backend webmail program," StrongWebmail said in a statement. StrongWebmail launched the contest at the end of May as a way of promoting the voice-based identification technology sold by its parent company, Telesign. Hackers were given Berkovitz's e-mail address and password and challenged to break into the account. The company thought this would prove difficult because StrongWebmail requires a special password that is telephoned to the user before e-mail can be accessed.

President Barack Obama's plan to overhaul U.S. infrastructure includes constructing a nationwide "smart grid" that promises to help address many of our current energy challenges. The smart grid plan offers the hope that it "will save us money, protect our power sources from blackout or attack, and deliver clean, alternative forms of energy to every corner of our nation." While these are noble societal goals, smart grid technologies and systems as envisioned also raise concerns about individual privacy rights. Part of what makes the smart grid "smart" is its ability to know a lot about the energy-consuming devices in our homes and to monitor activity for those devices to help determine when power should be used or limited. Such knowledge is useful in regulating power consumption to use energy more efficiently. In addition to reaching into homes to regulate devices, information about usage and activities could be extracted from homes. Home energy consumption patterns could be gathered and analyzed on a room-by-room and device-by-device basis to determine which devices are used and at what time of day. Although this sort of information may not be considered terribly invasive for some, for others anything that violates the sanctity of "home" may cause tremendous concern.

The loss of personally identifiable information, such as an individual's Social Security number, name, and date of birth can result in serious harm, including identity theft. Identity theft is a serious crime that impacts millions of individuals each year. Identity theft occurs when such information is used without authorization to commit fraud or other crimes. While progress has been made protecting personally identifiable information in the public and private sectors, challenges remain. GAO was asked to testify on how the loss of personally identifiable information contributes to identity theft. This testimony summarizes (1) the problem of identity theft; (2) steps taken at the federal, state, and local level to prevent potential identity theft; and (3) vulnerabilities that remain to protecting personally identifiable information, including in federal information systems. For this testimony, GAO relied primarily on information from prior reports and testimonies that address public and private sector use of personally identifiable information, as well as federal, state, and local efforts to protect the security of such information. GAO and agency inspectors general have made numerous recommendations to agencies to resolve prior significant information control deficiencies and information security program shortfalls. The effective implementation of these recommendations will continue to strengthen the security posture at these agencies. Identity theft is a serious problem because, among other things, it can take a long period of time before a victim becomes aware that the crime has taken place and thus can cause substantial harm to the victim's credit rating. Moreover, while some identity theft victims can resolve their problems quickly, others face substantial costs and inconvenience repairing damage to their credit records. Some individuals have lost job opportunities, been refused loans, or even been arrested for crimes they did not commit as a result of identit

The loss of personally identifiable information, such as an individual's Social Security number, name, and date of birth can result in serious harm, including identity theft. Identity theft is a serious crime that impacts millions of individuals each year. Identity theft occurs when such information is used without authorization to commit fraud or other crimes. While progress has been made protecting personally identifiable information in the public and private sectors, challenges remain. GAO was asked to testify on how the loss of personally identifiable information contributes to identity theft. This testimony summarizes (1) the problem of identity theft; (2) steps taken at the federal, state, and local level to prevent potential identity theft; and (3) vulnerabilities that remain to protecting personally identifiable information, including in federal information systems. For this testimony, GAO relied primarily on information from prior reports and testimonies that address public and private sector use of personally identifiable information, as well as federal, state, and local efforts to protect the security of such information. GAO and agency inspectors general have made numerous recommendations to agencies to resolve prior significant information control deficiencies and information security program shortfalls. The effective implementation of these recommendations will continue to strengthen the security posture at these agencies. Identity theft is a serious problem because, among other things, it can take a long period of time before a victim becomes aware that the crime has taken place and thus can cause substantial harm to the victim's credit rating. Moreover, while some identity theft victims can resolve their problems quickly, others face substantial costs and inconvenience repairing damage to their credit records. Some individuals have lost job opportunities, been refused loans, or even been arrested for crimes they did not commit as a result of identit

Goodwin Procter Experts Discuss Data Privacy and Security Best Practices at IAPP Privacy Academy BOSTON, Sept. 15 /PRNewswire-USNewswire/ -- According to a new survey conducted by Goodwin Procter LLP and the International Association of Privacy Professionals (IAPP), companies face three significant challenges - cost, time and number of vendors involved - in complying with new data security rules issued by the Commonwealth of Massachusetts earlier this year. The Commonwealth of Massachusetts has issued rules, which take effect on March 1, 2010, that impose significant data security requirements on entities possessing personal information of state residents, including entities based outside Massachusetts. The intent of the rules is to protect sensitive data and safeguard the public's privacy.

PCI - better than nothing, but still vastly inadequate. - Karl The Heartland Payment Systems and Network Solutions data breaches have thrust the Payment Card Industry Data Security Standard (PCI DSS) into the spotlight, raising the question: Does PCI compliance help in the fight against fraud? David Taylor, founder of PCI Knowledge Base, recently administered new research on PCI compliance, and in an exclusive interview he discusses: Goods news - and not-so-good-news - about PCI compliance; Unique PCI challenges for merchants and banking institutions alike; What needs to be done to raise awareness of PCI compliance. Taylor founded the PCI Knowledge Base and before that the PCI Alliance. He worked with many leading edge companies as an analyst for Gartner for 14 years. The PCI Knowledge Base is a research community that shares information and knowledge to help merchants, banks and other organizations achieve PCI compliance.

The Heartland Payment Systems and Network Solutions data breaches have thrust the Payment Card Industry Data Security Standard (PCI DSS) into the spotlight, raising the question: Does PCI compliance help in the fight against fraud? David Taylor, founder of PCI Knowledge Base, recently administered new research on PCI compliance, and in an exclusive interview he discusses: Goods news - and not-so-good-news - about PCI compliance; Unique PCI challenges for merchants and banking institutions alike; What needs to be done to raise awareness of PCI compliance. Taylor founded the PCI Knowledge Base and before that the PCI Alliance. He worked with many leading edge companies as an analyst for Gartner for 14 years. The PCI Knowledge Base is a research community that shares information and knowledge to help merchants, banks and other organizations achieve PCI compliance.

"It was fascinating to read your thoughts about our recent conversation in CSO (see The Many Challenges of Finding Work as a CISO/CSO"). And when I say "fascinating," I mean in the sense of watching Nascar: a lot of predictable left turns and some really embarrassing, squirm-inducing shots of the fans. I do like you, I think you're a nice guy, and so I wanted to give you some feedback about the interview process and what you're going to need to change to be successful. I don't think you're going to enjoy reading this. But maybe some of those hours that you're spending maintaining that "vast database" of yours could be better spent understanding why we hired someone who understands they're an engineer."

One of the most enlightening articles I have seen on the value of security to corporate America.

"Beginning next week, the FTC will hold a series of public roundtables covering the growing number of challenges to consumer privacy on the Internet. Dubbed "Exploring Privacy," the daylong discussions will focus on "the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses." Hold that yawn. Behavioral tracking and ad targeting have everything to do with the pesky "Warning!" pop-up blinking behind your browser window right now. The one that could shatter your online privacy. In advance of the roundtables, Fast Company spoke with online privacy advocates Jules Polonetsky, co-chair and director of the Future of Privacy Forum, and Ari Schwartz, vice president and chief operating officer of the Center for Democracy and Technology. Below, Polonetsky and Schwartz highlight five of most nefarious techniques used to trick and track you." 1. "Malvertising Gangs" 2. Flash Cookies 3. "Cookie appends" 4. Personal Health Data 5. ISP Tracking

"The Federal Trade Commission will host a series of day-long public roundtable discussions to explore the privacy challenges posed by the vast array of 21st century technology and business practices that collect and use consumer data. Such practices include social networking, cloud computing, online behavioral advertising, mobile marketing, and the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses. The goal of the roundtables is to determine how best to protect consumer privacy while supporting beneficial uses of the information and technological innovation."

"Yesterday, the U.S. District Court for the District of Columbia issued the attached opinion upholding the American Bar Association's challenge to the FTC's Identity Theft Red Flags Rule and enjoining the FTC from enforcing its Rule against lawyers. This memorandum opinion follows an October 29 oral argument and bench ruling. This ruling may have significance beyond the legal profession, and may limit the FTC's ability to enforce its Red Flags Rule against professionals, retailers, health care providers and other businesses that bill their clients and customers in a manner similar to lawyers. "

"In light of a spike in identity theft and the frequency with which personal information is stored on portable devices, the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) have expanded Generally Accepted Privacy Principles (GAPP) to include protocols for securing and disposing of personal information. "Safeguarding personal information is one of the most challenging responsibilities facing an organization, whether such information pertains to employees or customers," said Everett C. Johnson, CPA, chair of AICPA/CICA Privacy Task Force and a past international president of ISACA, a global information technology association. "We've updated the criteria of our privacy principles to minimize the risks to personal information." GAPP offers guidance and best practices on securing portable devices, breach management and ensuring continued effectiveness of privacy controls. The guidance additionally covers disposal and destruction of personal information. The principles are designed for chief privacy officers, executive management, compliance officers, legal counsel, CPAs and CAs offering technology advisory services. "Portable tools such as laptops and memory sticks provide convenience to employees but appropriate measures must be put in place to secure them and the data they contain," said Donald Sheehy, CA.CISA, CIPP/C, associate partner with Deloitte (Canada) and a member of the AICPA/CICA Privacy Task Force. "We must stay abreast of technological advances to assure that proper measures are put into place to defend against any new threats." Created by the AICPA/CICA Privacy Task Force, GAPP is designed to help an organization's management team assess an existing privacy program or address privacy obligations and risks. The principles provide a framework for CPAs and CAs to offer privacy services to their clients and employers, such as advisory services, privacy risk assessments and attestation or

"The U.S. Supreme Court Monday will hear arguments for and against the constitutionality of the oversight board established to monitor public company financial activity as part of the Sarbanes-Oxley regulation. The Sarbanes-Oxley Act was created and enacted into law partly in response to corporate accounting scandals such as Enron and WorldCom. The regulatory standard set out to reduce such fraudulent financial activities and provide an oversight mechanism for public companies. Part of the law includes the establishment of the Public Company Accounting Oversight Board (PCAOB), which consists of five members appointed by the Securities and Exchange Commission (SEC). The arguments to be heard this week relate directly to the PCAOB. While set up to regulate financial accounting at companies, those opposed to the board's powers argue that because its members are not appointed by the president, the board's control is unconstitutional based on the country's tenets of three branches of government. The challengers to the law say that the PCAOB lacks the presidential control required for executive branch agencies because the five members are appointed by the SEC, which doesn't fall under presidential powers. As a private agency in essence, the PCAOB is able to act as a government authority, which the Free Enterprise Fund believes to be unconstitutional. "

"A federal law designed to prevent employers and health insurers from discriminating against an individual based on their genetic predisposition to disease took effect late last month, signaling a new era where intermingling genetic advances and privacy concerns create new challenges in health care. But left out of the federal Genetic Information Nondiscrimination Act, commonly known as GINA, were privacy protections for individuals seeking long-term care, disability and life insurance coverage. Each of those areas was left up to the individual states. At least 10 states regulate the use of genetic information in long-term care insurance. But in California, privacy protections were left to expire by lawmakers in January 2008. Mark Billingsley, spokesman for state insurance commissioner Steve Poizner, said in an e-mail that there "appears to be a giant loophole" in California's insurance code regarding long-term care insurance and genetic privacy protections. He said he couldn't identify a single provision in the state code that would preclude a private insurer from requesting such a test for underwriting purposes. "

"Sun Microsystems, Inc. and Deloitte today announced a collaborative initiative to help companies develop efficient, cost-effective and sustainable technology and business processes to address their unique regulatory compliance and technology governance challenges. As part of this initiative, Sun and Deloitte today announced their plans for the Center for Technology Governance and Compliance (CTGC), which combines Deloitte's consulting and advisory services with Sun's IT management solutions and services, including its Information Lifecycle Management (ILM) and Identity Management technology portfolios. Access to the professionals and services within the CTGC is available through Sun Solution Centers. To learn more, please visit http://www.sun.com/compliance or http://www.deloitte.com/ . As a worldwide leader in network computing systems, Sun provides scalable solutions designed to protect and manage business-critical information through its lifecycle. The combination of Deloitte and Sun brings together complementary competencies to deliver a business-driven, technology-enabled framework for creating and implementing technology governance and compliance strategies and programs."