April

CNN report how Target reached a $3.74 million settlement in a class-action suit Thursday that alleged the retail giant's hiring process unfairly discriminated against African Americans and Latinos.

The lawsuit, which was filed by the NAACP Legal Defense Fund and two individuals on behalf of a group of job applicants, said the retail giant has used hiring policies that "exclude applicants with arrest or irrelevant conviction records from obtaining employment opportunities" and the process has "a disparate impact on African Americans and Latinos."

The NAACP Legal Defense Fund alleged that Target asked broad and outdated questions about job applicants' criminal histories, even if the crimes were not related to the job they sought.  "Target's background check policy was out of step with best practices and harmful to many qualified applicants who deserved a fair shot at a good job," said Sherrilyn Ifill, the president of the NAACP Legal Defense Fund.

"Criminal background information can be a legitimate tool for screening job applicants, but only when appropriately linked to relevant questions such as how long ago the offense occurred and whether it was a non-violent or misdemeanor offense," she added.

Most organizations understand that cybersecurity isn't just an IT risk, but rather a business and legal risk, given the vulnerabilities and potential impact. The impact and visibility are about to be greater due to mandatory data breach notification, according to Palo Alto Networks.

A recent report, The State of Cybersecurity in Asia Pacific, showed that Australian organizations are likely to embrace mandatory breach reporting requirements. The report revealed that 79 percent of IT decision-makers agreed that reporting breaches to regulators should be mandatory, and 69 percent believe reporting of data breaches to regulators will help prevent cybercrime. It also noted that voluntarily sharing cyberthreat information, among and between the private and public sectors, is a key tool to understanding and protecting against threats.

China's new National Standards on Information Security Technology - Personal Information Security Specification GB|T 35273-2017, has been released.

Some of the highlights of the new PI Specification are: clarification of key definitions and typical examples of key terms; how explicit consent is required for the collection of sensitive personal information or use of personal information for a new purpose; how personal information security impact assessments are required for; why a request for access to, correction of, copies and deletion of personal information, and withdrawal of consent, must be responded to within 30 days; why personal information of children under 14 years of age is considered sensitive information; and more.