Solid state: A new state data breach regulation

Greg Masters March 01, 2010

A new privacy regulation in Massachusetts evokes anxiety for many, but getting in line may prove to be no big deal, reports Greg Masters.
 

Forty percent using compensating controls to meet PCI

Dan Kaplan March 01, 2010

Forty-one percent of merchants are relying on compensating controls to meet Payment Card Industry Data Security Standard (PCI DSS) requirements, according to a survey released Monday by the Ponemon Institute and commissioned by encryption firm Thales. The survey polled 155 qualified security assessors, who are charged with confirming a company's adherence to PCI. Compensating controls "may be considered for most PCI DSS requirements when an entity cannot meet a requirement explicitly as stated, due to legitimate technical or documented business constraints," according to the PCI Security Standards Council. — DK
 

Is increased government regulation the answer to increased privacy protection?

Glen Kosaka, director of marketing, Trend Micro February 25, 2010

Data breaches involving privacy information continue to increase despite the costs, embarrassment and negative publicity associated with them.
 

Security spending, DLP projects to increase

Angela Moscaritolo February 23, 2010

Information security budgets will get a boost at many organizations in 2010, according to a study released Tuesday by IT research company TheInfoPro. The study, based on interviews of 259 security decision makers at Fortune 1000 and mid-size organizations, found that 40 percent of enterprises are planning to increase their 2010 security budgets. Data leakage prevention topped the list of projects planned for 2010, followed by identity management and compliance initiatives. — AM
 

Six years later, CAN-SPAM Act leaves spam problem unresolved

Martin Lee, senior software engineer, Symantec Hosted Services February 16, 2010

In 2004 at the World Economic Forum, Bill Gates proclaimed: "Two years from now, spam will be solved." Six years later there is no indication that the spam problem will ever be solved. So what went wrong?
 

Change is constant - so is compliance

Jonathan Sander, IAM/Security analyst, Quest Software February 16, 2010

Organizations must reconsider how they respond to compliance requirements.
 

Solutionary teams up with Singapore-based e-Cop

February 01, 2010

Solutionary, provider of managed security services, has teamed up with Singapore-based e-Cop to offer a suite of security and compliance services. The companies will offer customers common security monitoring, management and compliance services and in-country support in more than 20 languages.
 

Trustwave, Symantec make acquisitions

Angela Moscaritolo January 12, 2010

Compliance management vendor Trustwave announced on Tuesday the acquisition of data encryption vendor BitArmor. Trustwave plans to integrate BitArmor's file- and full-disk encryption technology into its current data leakage prevention and endpoint security solution to help clients comply with regulations that are increasing the demand for encryption. Meanwhile, Symantec on Tuesday announced plans to buy Gideon Technologies, provider of IT risk automation, to better serve public-sector customers. Terms of both deals were not disclosed. — AM
 

The death of security assessments?

Steve Dauber, vice president of marketing, RedSeal Systems January 08, 2010

After breaches such as at Heartland Payment Systems, the time may have come for organizations to stop relying on security assessments in favor of potentially more effective risk management tactics.
 

EMC buys Archer Technologies for GRC tools

Dan Kaplan January 04, 2010

EMC on Monday acquired arguably the most successful pure-play GRC provider, Archer Technologies.