On this Privacy Monday: US Attorney General Puts Pressure on Congress for Data Breach Disclosures Today, US Attorney General Eric Holder urged Congress to pass legislation requiring retailers to make significant customer data breaches known in a timely manner. This push follows Congressional hearings where members of Congress expressed dismay over the Target and Neiman… Continue Reading
Cybersecurity
Subscribe to Cybersecurity RSS Feed“Sophisticated” Breach Exposes 300,000 Student Records at University of Maryland: 3 Questions You Should Ask
Posted in Cybersecurity, Data Breach, Data Breach NotificationOfficials at the University of Maryland (“University” or “UMD”) announced that UMD was the victim of a significant security breach that took place on Tuesday, February 18 (the “Breach” or “Incident”). The Incident, characterized as a “sophisticated computer security attack” by both the University’s President and the Chief Information Officer, exposed records containing the… Continue Reading
NIST Framework for Critical Infrastructure Released
Posted in CybersecurityThe release yesterday of the Framework for Improving Critical Infrastructure Cybersecurity by the National Institute of Standards and Technology caps a year-long effort by NIST to find an industry consensus for assessing and improving the cybersecurity of the nation’s privately-owned critical infrastructure. We will be publishing a more detailed analysis of the final Framework in… Continue Reading
On the Sixth Day of Privacy, the Congress Gave to Me…..
Posted in Cybersecurity, Privacy RegulationNot much……perhaps we should send them a box of coal. So, we look ahead….. Written by Jonathan T. Cain, CIPP/G If you believe that Congress does best when it does least, then 2013 was an outstanding year – at least as far as privacy and data protection are concerned. Out of the dozen or so… Continue Reading
On the Fifth Day of Privacy, the SEC Gave to Me…..
Posted in Cybersecurity, Data Breach, Privacy Litigation, SecuritySing it with me now….. FIVE GOLDEN RULES! Written by Adam Veness As public companies prepare for the New Year and the start of yet another annual reporting season, it is the perfect time to reflect on our 2013 prediction that the SEC would require greater disclosure relating to cybersecurity risks and data breaches. As… Continue Reading
DoD Requires Safeguarding Technical Data
Posted in Cybersecurity, Data Compliance & Security, SecurityThe Department of Defense (DoD) has published its new final rule governing the security measures imposed on DoD unclassified technical information resident on or passing through the unclassified information systems of its contractors and subcontractors. This final rule will require contractors to safeguard unclassified controlled technical information and to report the compromise of such information… Continue Reading
Privacy Monday – November 18, 2013
Posted in Children, Cybersecurity, Privacy Monday, US Supreme CourtThe month of November is quickly slipping by – this is the time to be looking at the 2014 cybersecurity and data privacy goals and updates and planning ahead. Our selected bits and bytes for this Monday: FTC Denies AssertID, Inc.’s Application for Obtaining Verifiable Consent Under the COPPA Rule The FTC recently announced (press… Continue Reading
Privacy Monday: October 28, 2103 — NIST Cybersecurity “Framework” Published for Comment
Posted in Cybersecurity, Data Compliance & Security, Privacy MondayWritten by Jonathan Cain The National Institute of Standards and Technology (NIST) has published its preliminary cybersecurity “Framework” that it was directed to develop in Executive Order 13636. The Executive Order requires that NIST develop and publish a cybersecurity Framework to protect national critical infrastructure through a “prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information… Continue Reading
October is National Cyber Security Awareness Month
Posted in Cybersecurity, Identity TheftDID YOU KNOW? – 93 percent believe their online actions can protect not only friends and family but also help to make the Web safer for everyone around the world. – Nearly two-thirds of the American public have heard, read or seen something about online safety and security issues recently. However, most of what the… Continue Reading
Privacy Monday – September 9, 2013 — NIST Draft Cybersecurity Framework
Posted in Class Action Litigation, Cybersecurity, Data Breach, Privacy MondayThis Privacy Monday, there are a few important items of note, rather than the usual “bits and bytes”. NIST RELEASES DISCUSSION DRAFT OF CYBERSECURITY FRAMEWORK After several months of work, the National Institute of Standards and Technology has published a draft of its cybersecurity “Framework.” Developed in response to an executive order from President Obama,… Continue Reading
BOSTON: Join Us for “Cybersecurity: It’s Not Just for IT Anymore”
Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation, SecurityIf you are in the Boston area (or will be on September 26), please join us for an afternoon discussion on cybersecurity and the growing risk to corporate directors. It’s no longer just the purview of a company’s IT or compliance personnel. Cybersecurity needs to be elevated to boardroom discussion and this seminar will cover what… Continue Reading
Privacy Monday – July 29, 2013
Posted in 201 CMR 17.00, Cybersecurity, Data Breach, Data Breach Notification, European Union, Privacy MondayPrivacy goofs, gaffes and tidbits for the last Monday in July — NSA Surveillance Causes More Grief –Germany Calls for a Stop to Safe Harbor: Time for Binding Corporate Rules? According to news sources the federal and state German data protection commissioners late last week sent a letter to German Chancellor Angela Merkel, requesting… Continue Reading
Survey Says: Fortune 500 Disclosing Cyber Risks
Posted in CybersecurityWritten by Adam Veness Ever since our 2013 prediction, an ever increasing number of public companies are adding disclosure related to cybersecurity and data breach risks to their public filings. We previously analyzed how the nation’s largest banks have begun disclosing their cybersecurity risks. Now, it appears that the rest of the Fortune 500 companies… Continue Reading
D.C. Developments on the Cybersecurity Front – UPDATE
Posted in CybersecurityWritten by Cynthia Larose and Heidi Lawson UPDATE: The House Permanent Select Committee on Intelligence passed the Cyber Intelligence Sharing and Protection Act (CISPA) this afternoon. The vote was 18 in favor and two (Adam Schiff (D-CA) and Jan Schakowsky (D-IL)) against. For more information, read The Hill. The last 24 hours have seen… Continue Reading
Cybersecurity Disclosure: A Panel Discussion with the SEC’s Division of Corporation Finance
Posted in Cybersecurity, Data BreachLast week in Washington, D.C., this author had the opportunity to sit in on a panel discussion by the SEC’s Division of Corporation Finance (“CorpFin”) discussing, among other things, recent developments in cybersecurity disclosure in public company filings. The panel included CorpFin’s Acting Director Lona Nallengara, Deputy Director of Disclosure Operations Shelley Parratt and others from CorpFin…. Continue Reading
Privacy and Security Not the Only Concerns in the Cloud
Posted in Cloud Computing, Cybersecurity, Data Compliance & SecurityWritten by Jonathan Cain Security and privacy are the most frequently expressed concerns about cloud computing (defined for this article to include software as a service, platform as a service and storage as a service), but for companies that engage in research, design, development, manufacturing and servicing of items that are subject to U.S. export… Continue Reading
To the Nation’s Largest Banks: Thanks for Reading
Posted in Cybersecurity, SecurityIt seems that some of the nation’s largest public company banks must be avid readers of this blog and have taken to heart our 2013 prediction that the SEC would require greater disclosure related to data security risks and breaches. In their recent annual reports, Goldman Sachs Group Inc., Citigroup, Inc., Bank of America Corp…. Continue Reading
