On January 1, 2010, two important state data security and privacy laws took effect in Nevada and New Hampshire. The laws create new obligations for most companies that do business in Nevada and for health care providers and business associates in New Hampshire.

Nevada’s law requires “data collectors,” including government agencies and businesses, that accept payment cards and are “doing business” in Nevada to comply with the Payment Card Industry Data Security Standard (“PCI DSS”). Nevada now becomes the only state to require compliance with PCI DSS in its entirety.

Read the rest of this entry »

There’s nothing like sitting in your work cubicle, in the dead of winter and during the middle of a swine flu epidemic, while listening to your nearest coworker coughing her heart out. Sympathy can quickly turn to resentment as jumpy employees around her worry that every cough is sending battalions of pesky microbes marching off in their direction.

Unless sick employees stay home, those microbes could decimate a formerly healthy workforce — just as business is starting to pick up around the globe. Can employers make such employees stay away so that an injury to one doesn’t become an injury to all?

Read the rest of this entry »

Here are three resolutions I’d love to see the ethics and compliance community adopt for 2010.

First, let’s promote innovative approaches to regulation that are less descriptive of process, and focus instead on real accountability. For example, SOX mandated an anonymous reporting channel for employees to report financial fraud or misconduct. Consequently, businesses adopted some form of a hotline, which barely moved the needle in encouraging people to report misconduct. But what if

Read the rest of this entry »