The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: Chief Compliance Officer

  • From Vol. 4 No.2 (Jan. 31, 2018)

    How to Make the Most of Limited Compliance Resources

    Compliance departments are often being asked to do more with less as regulatory demands increase, in part from a rise in cybersecurity and privacy legislation. A recent presentation by ACA Compliance Group, “Planning Your 2018 Compliance Budget,” offered timely insight on how CCOs and compliance personnel can approach the compliance-budgeting process, get buy-in from senior management, avoid common pitfalls and stretch limited resources. The program featured Lee Ann Wilson, an ACA senior principal consultant; Sean McKeveny, an ACA consultant; and Kara J. Brown, counsel at Sidley. See “Managing the Increased Individual Risks and Responsibilities of Compliance Officers” (Jul. 29, 2015).

  • From Vol. 3 No.25 (Dec. 20, 2017)

    How to Make the Most of Limited Resources When Planning the Compliance Budget

    With increasing regulatory demands, including a growing number of domestic and international privacy and data security rules, compliance departments are often faced with a larger scope of work yet a limited budget. ACA Compliance Group’s recent presentation, “Planning Your 2018 Compliance Budget,” offered timely insight on how CCOs and compliance personnel can approach the compliance-budgeting process, get buy-in from senior management, avoid common pitfalls and stretch limited resources. The program featured Lee Ann Wilson, an ACA senior principal consultant; Sean McKeveny, an ACA consultant; and Kara J. Brown, counsel at Sidley. See also “Advice From Compliance Officers on Getting the C-Suite to Show You the Money for Your Data Privacy Program” (Dec. 14, 2016).

  • From Vol. 3 No.22 (Nov. 8, 2017)

    Managing Data Privacy Across Multiple Jurisdictions

    Long gone are the days when acceptable privacy programs consist of a policy in an HR handbook. Building an effective and comprehensive privacy program that addresses wide-ranging data sets and dynamic regulations is a challenge for large and small organizations. To provide guidance on what has worked for them, Ropes & Gray teamed up with privacy professionals from Wyndham Worldwide and Facebook on a recent panel at the Privacy + Security Forum. The panelists offered advice on complying with the patchwork of U.S. laws and the growing number of global regulations and offered behind-the-scenes insight on how Wyndham built its global privacy program as well as how Facebook approaches privacy across its products. See also “Tips From Google, Chase and P&G Privacy Officers on Developing Strong Privacy Leadership and When to Use Outside Counsel” (Aug. 23, 2017).

  • From Vol. 2 No.1 (Jan. 6, 2016)

    How the Financial Services Sector Can Meet the Cybersecurity Challenge: A Plan for Building a Cyber-Compliance Program (Part Two of Two)

    Despite the abundance of principles-based cybersecurity guidance provided by regulators, interpreting those principles and turning them into actionable items remains a formidable task.  Nevertheless, financial services professionals have a fiduciary duty to devote best efforts to mitigating cyber risk by building an appropriate risk management solution.  In a guest article, the second in a two-part series, Moshe Luchins, the deputy general counsel and compliance officer of Zweig-DiMenna Associates LLC, provides a practical blueprint to build a cyber-compliance program.  Many aspects of the blueprint are applicable not only to those in the financial industry but to other sectors as well.  The first article explored current regulatory expectations applicable to the financial services sector.  See also “Analyzing and Mitigating Cybersecurity Threats to Investment Managers (Part One of Two)” (May 6, 2015) and Part Two (May 20, 2015).

  • From Vol. 1 No.17 (Nov. 25, 2015)

    Implementing an Effective Cloud Service Provider Compliance Program

    The ubiquity of cloud computing platforms as a tool for companies to share, store and back up critical and sensitive data has catapulted the implementation of a comprehensive third-party cloud service provider program to the top of compliance officers’ ever-growing to-do lists.  During a recent seminar held by the Society of Corporate Compliance & Ethics, Web Hull, a privacy, data protection and compliance advisor, provided a practical framework for engaging, managing, auditing and monitoring third-party cloud computing providers.  This article summarizes those insights, including key risks, and compiles the resources compliance officers can use to meet the relevant state and federal cybersecurity regulatory requirements.  See also “Examining Evolving Legal Ethics in the Age of the Cloud, Mobile Devices and Social Media (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 11 (Aug. 26, 2015); Part Two, Vol. 1, No. 12 (Sep. 16, 2015); and “The Advantages of Sending Data Up to the Cloud,” The Cybersecurity Law Report, Vol. 1, No. 6 (Jun. 17, 2015).

  • From Vol. 1 No.14 (Oct. 14, 2015)

    Eight Ways Compliance Officers Can Build Relationships With the “Middle”

    Whether it is cybersecurity, privacy or any other type of regulatory compliance, the much-talked-about “tone at the top” is often cited as crucial for an effective compliance program.  See “Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 3 (May 6, 2015); Part Two, Vol. 1, No. 4 (May 20, 2015).  Ensuring that tone is conveyed throughout the organization, however, is equally important.  Getting the compliance message across typically falls on an organization’s middle managers.  A recent Society of Corporate Compliance & Ethics program featuring Charlotte Nafziger, director of compliance of T-System, Inc., explored the importance of middle management in developing an effective ethics and compliance program and the ways compliance officers can engage middle management in doing so.

  • From Vol. 1 No.9 (Jul. 29, 2015)

    Managing the Increased Individual Risks and Responsibilities of Compliance Officers

    The heightened focus on cybersecurity has made the roles of compliance officers, often tasked with managing cybersecurity risk, more complex.  As they recognize the new challenges, more and more companies are naming full-time dedicated chief compliance officers.  In this interview with The Cybersecurity Law Report, Jonathan S. Feld, a partner and leader of the white-collar criminal defense & government investigations team at Dykema, discusses the changing role of compliance officers, the individual risks these officers take on and how the risks can be mitigated, as well as collaboration throughout the organization and the qualities that make a strong compliance officer.  See “Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 3 (May 6, 2015); Part Two of Two, Vol. 1, No. 4 (May 20, 2015).
