It seems that some of the nation’s largest public company banks must be avid readers of this blog and have taken to heart our 2013 prediction that the SEC would require greater disclosure related to data security risks and breaches. In their recent annual reports, Goldman Sachs Group Inc., Citigroup, Inc., Bank of America Corp….
Category Archives: Security
FTC Staff Report Shines a Light on the Treacherous Road Ahead for Mobile Payments
Posted in Data Compliance & Security, Privacy Regulation, Security
Written by Jake Romero
Perhaps we are being cynical, but if we imagine the current conversation between consumers and the makers of mobile payment applications, it would be something along the lines of: Mobile Payment Industry: “Hello Consumer, would you like to start using your mobile device to transmit payments and make purchases?” Consumer: “Thank…
Detailed Summary of Cybersecurity Executive Order
Posted in Privacy Regulation, Security
Our colleagues in our Washington, DC office have prepared a detailed summary of the President’s Cybersecurity Executive Order. Read Summary of Final Cybersecurity Executive Order
President Signs Cybersecurity Executive Order
Posted in Data Compliance & Security, Security
“America must … face the rapidly growing threat from cyber-attacks. Now, we know hackers steal people’s identities and infiltrate private emails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems. We cannot look back…
Data Privacy Day 2013 – Tip #2 – Dust off your information security policy (or start putting one in place…)
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation, Security
Written by Amy Malone
Do you have a comprehensive information security program? Many businesses are still operating without one, leaving them open to preventable data breaches. The importance of info security programs was yet again underscored by the recent settlement between Cbr Systems and the Federal Trade Commission regarding a breach that affected 300,000 consumers….
Data Privacy Day 2013 – Passwords
Posted in Security
Something everyone can do for Data Privacy Day: make it a point to change at least one password and make it “long and strong.” Here are some tips for building strong passwords from David Sherry, Chief Information Security Officer at Brown University: To create a strong password, you should use a string of text…
International Data Privacy Day is Monday
Posted in Data Compliance & Security, Employee Privacy, Security
Time for some tips to keep your company (and your employees) safe online – Are your employees trained to maintain company privacy standards? Conduct employee training on privacy as it relates to employment, helping employees learn how to protect the privacy of clients’ and customers’ personal information and teaching employees how to manage their own…
HITECH Omnibus Rule Basics
Posted in HIPAA/HITECH, Privacy Regulation, Security
As we pore through the 562-page HITECH Omnibus Rule released by the Department of Health and Services late yesterday afternoon, here are some top line bullet points: Effective Date: Rule becomes effective on March 26, 2013. Covered entities and business associates must comply by September 23, 2013. Business Associates are now front and center – During…
Data Privacy Day Event – Brown University
Posted in Data Compliance & Security, Privacy Regulation, Security
In the run-up to International Data Privacy Day on January 28th, we’ll be posting information on events that may be of interest. Our friends at Brown University have sent this invitation: You are cordially invited to attend a free Information Security Group colloquium in celebration of National Data Privacy Day at Brown University on Monday January 28, 2013 from 1-4 PM. “Perspectives on…
Cybersecurity in the 113th Congress
Posted in Data Breach, Data Breach Notification, Legislation, Privacy Regulation, Security
The 113th Congress will bring new leadership to the House Homeland Security Committee and the Senate Homeland Security and Government Affairs Committees — all responsible for cybersecurity issues. President Obama is expected to release an Executive Order (based on the draft circulated in late November 2012) very soon, perhaps before the State of the Union…
Data Privacy and Security Issues for the Nonprofit
Posted in Data Compliance & Security, Privacy Regulation, Security
Can your organization answer “yes” to any of the following questions? Does your organization have personal information (credit card numbers, checks, other financial information) from donors? Does your organization have employees or volunteers for whom you have Social Security numbers? Has your organization signed a merchant agreement to be able to accept credit cards? Do…
National Cybersecurity Awareness Month — Cryptography is Going Mainstream
Posted in Security
Written by Sara Crasson
The Privacy and Security Matters Blog continues to celebrate National Cybersecurity Awareness Month this October. The Internet has become a primary medium for everyday communication, but individuals rarely consider the potential data security problems. Sending an e-mail or instant message is like dropping a postcard in the mail. Many people handle…
Did you know? October is National Cybersecurity Awareness Month
Posted in Data Compliance & Security, Security
Written by Amy Malone
While we all know that October is National Breast Cancer Awareness Month, we here at Privacy and Security Matters will just bet that you didn’t know that it is also National Cybersecurity Awareness Month. In President Obama’s Proclamation of October as Cybersecurity Month, he touched upon the importance that our digital…
Online and Off-Limits: New California Legislation Prohibits Employers from Requiring Access to Social Media Accounts of Employees
Posted in Employee Privacy, Privacy Regulation, Security
Written by Jake Romero
Facebook announced last week that it now has upwards of 1 billion active users. That same week, over 10 million Twitter messages were sent during the U.S. presidential debate. With the number and use of social media websites rapidly expanding, your privacy rights with respect to your tweets, “likes” and…
Recommended Reading – BYOD and Reasonable Security
Posted in Data Breach, Data Compliance & Security, Security
Much has been written, in this space and elsewhere, on the concept of “reasonable security” — what constitutes “reasonable security,” how much security is “reasonable,” etc. The entry of the choice of computing devices to the workplace – known as the “bring your own [personal] device” or “BYOD” trend – has also been dissected at length. Companies are…
Beware the Weakest Link: Human Behavior
Posted in Data Breach, Data Breach Notification, Security
Written by Stephen Bentfield
Today’s Washington Post includes a front page article that should serve as a warning to any employer about increasingly sophisticated social engineering attacks that exploit one key vulnerability that is essentially immune to technical solutions: their employees. Social engineering attacks work by exploiting the natural human tendency to trust and thereby…
AntiSec Hackers Strike Again – UPDATE
Posted in Security
Updated to add link to new PC Magazine article
AntiSec – the hacker group that is the “merger” of Anonymous and Lulzsec – claims to have obtained the unique device identifiers (UDIDs) from 12 million Apple iPhone and iPad users by breaching an FBI computer, and have published more than 1 million of them. Details of the…
Know thy vendor’s vendor…..
Posted in Data Compliance & Security, Security
Written by Amy Malone
Amy Malone is attending the Data Protection & Privacy Law Conference in Arlington, Virginia this week and will be providing updates. The pre-conference workshops at the Data Protection & Privacy Law Compliance Conference have begun! The first workshop covered managing the risk of third party vendors. An important element of ensuring…
Navigant: Reports of Data Breaches On the Increase Across Industries
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation, Security
Navigant recently published the latest update of its comprehensive Information Security and Data Breach Report, which adds yet another analytic view of the data breach picture. And the view is not a pretty one. You can get a copy of the report here. Some of the “highlights”: Healthcare entities again accounted for the largest percentage…
Symantec: Malicious Cyber Attacks Increased by 81 Percent in 2011 and Data Breaches Up
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Identity Theft, Security
Symantec has released its annual Internet Security Threat Report, and the numbers are astounding. According to the report, malicious attacks on networks skyrocketed by 81 percent in 2011. The report also highlights that advanced persistent threats, known as APT attacks, are spreading to organizations of all sizes, with the number of daily APT attacks increasing…
Getting ready to forward that spreadsheet to your personal email account? Think twice…..then think again…
Posted in Data Breach, HIPAA/HITECH, Identity Theft, Security
An employee — former employee — of the South Carolina Department of Health and Human Services found out the hard way after transferring the information of more than 228,000 Medicaid beneficiaries to his personal email account. The data included Medicare numbers (which include Social Security numbers as part of the identifier) linked to the beneficiaries…
The Rising Cost of HIPAA Violations: $100,000 Fine Levied on Physician Group
Posted in Data Compliance & Security, HIPAA/HITECH, Security
Written by Kimberly Gold
If your company needs another reminder that policies and procedures, risk assessments, documentation and training are critical elements for HIPAA compliance programs, we have another corrective action plan – and monetary fine – that should be utilized as a “teachable moment” for health care providers and business associates alike. Phoenix Cardiac…
US Legislative Cybersecurity Update
Posted in Legislation, Privacy Regulation, Security, Uncategorized
Monday, April 23, will begin Cyber Week, during which up to six different bills that focus on various aspects of cybersecurity may be considered on the House floor. The Rules Committee has not yet determined how the bills will be handled, but it is likely that the less controversial bills from the Committee on Science,…
Data Security Breach Alert: 1.5 Million Credit Card Customers Affected — UPDATE
Posted in Data Breach, Data Breach Notification, Security
UPDATE: Initial reports of numbers of compromised records in data security breaches are often underestimated. Such appears to be the case in the Global Payments, Inc. incident that we wrote about last month. Initial reports stated that about 1.5 million credit and debit cards were compromised, but it is now believed that the number is…