Archives: Information Security


InfoLawGroup Launches CPO on Demand™ Service

InfoLawGroup announces the launch of CPO on Demand™, a service through which we serve as outside Chief Privacy Officers, Privacy Counsel, and DPOs as required under EU regulation. CPO on Demand™ brings the depth and breadth of our privacy and security focused attorneys to support your business’s legal, compliance, and privacy teams. Please click here … Continue Reading

FTC Lawsuit Against D-Link Highlights the Importance of Routine Review of Public Statements and Security Protocols

The Federal Trade Commission (“FTC”) announced today that it has filed a lawsuit against D-Link alleging that it made deceptive claims about its products’ security and engaged in unfair practices that placed consumers’ privacy at risk. The Complaint For Permanent Injunction and Other Equitable Relief was filed in the United States District Court Northern District … Continue Reading

New FTC Data Breach Response: A Guide for Business

This week, the Federal Trade Commission (“FTC”) announced on its Business Blog the release of Data Breach Response: A Guide for Business (“Guide”).  The Guide’s release seems to be part of the FTC’s push to position itself as the main federal regulator of data security practices and is available for free on the FTC’s website.  … Continue Reading

Businesses Take Heed: FTC’s Recent Report, Conference Signal Big Data’s the Big Deal in 2016

FTC Kicks Off New Year with New Report on Growing Use of Big Data Analytics Across All Industries Without so much as a week of 2016 having lapsed, the Federal Trade Commission (“FTC” or “Commission”) released a new report with recommendations to businesses on the growing use of big data. The report, “Big Data: A … Continue Reading

Recent International Study Reports Delinquencies in App Privacy Disclosures

In a recently reported study released by the Global Privacy Enforcement Network (“GPEN”), the GPEN found that a testing sample of 1,211 mobile apps accessed during May of this year failed to provide users with adequate privacy protections under current regulatory provisions in the United States and in other countries. The GPEN is a coalition … Continue Reading

Massachusetts Continues Aggressive Information Security Enforcement Agenda

On July 23, 2014, the Massachusetts Attorney General announced a consent judgment with Women & Infant’s Hospital of Rhode Island (“WIH”) to resolve allegations that it violated federal and state information security laws when it lost backup tapes.  The backup tapes, allegedly containing sensitive personal information and protected health information of 12,127 Massachusetts residents, were … Continue Reading

InfoLawGroup Senior Counsel Mark Paulding Discusses Privacy and Security on This Week in Law

InfoLawGroup Senior Counsel Mark Paulding appeared on Episode 257 of  This Week in Law, joining security expert Bruce Schneier and Harvard scholar Kyle Courtney to discuss a wide range of issues dealing with law, policy and technology. The full episode is embedded below. The episode covered topics ranging from NSA surveillance and companies’ efforts to … Continue Reading

FAQs Concerning the Legal Implications of the Heartbleed Vulnerability

(Contributors to this post include:  Scott Koller, David Navetta, Mark Paulding and Boris Segalis) By now, most of the world is aware of the massive security vulnerability known as Heartbleed (it even comes with a slick logo and its own website  created by the organization that discovered the vulnerability).  According to reports this vulnerability has been … Continue Reading

Attorney General Harris Unveils Cybersecurity Guide for California Businesses

The California Attorney General’s Office has announced the release of a new cybersecurity guide designed to help California businesses better protect against and respond to cybersecurity threats.  The guide provides a simple and easy to understand overview of basic security threats and outlines some practical steps for minimizing cyber vulnerabilities, including guidance on how to … Continue Reading

Information Security Strategy: A Lesson from the Target Breach

Over the past few weeks, new revelations have provided greater insight into the breach of Target Corp. over the holiday shopping season.  Notable among the recent news is the assertion that the cybercriminals behind the Target breach initiated their infiltration through HVAC vendor Fazio Mechanical (http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/).  It is believed that the cybercriminals staged a phishing … Continue Reading

The Target Breach: How the Financial Industry is Reacting

Retail giant Target recently suffered a massive security breach during the busiest shopping season of the year.  The breach involved the credit and debit card information of an estimated 40 million customers who shopped at one of Target’s retail stores between November 27th and December 15, 2013.  So far, Target has not disclosed the precise … Continue Reading

The Ramifications of a Security Breach

New Study Finds that Two Thirds of U.S. Adults Would Not Return to a Business Where Their Personal Information was Stolen. From hackers to stolen laptops, security breaches have been on the rise.  While most businesses are aware of the dangers associated with potential security breaches, few truly understand the full ramifications.  Calculating the time … Continue Reading

The Internet of Things: FDA Releases Guidance on Securing Wireless Medical Devices — What Medical Device Manufacturers Should Know

FDA, responding to pressure to provide direction on wireless medical device security, has released guidance concerning the use of RF wireless technology in medical devices.  The Guidance contains FDA’s recommendations to wireless medical device manufacturers for securing these devices and complying with governing FDA regulations. Key takeaway:  FDA is now paying close attention to medical … Continue Reading

10 Years After SB 1386, California Attorney General Issues First Ever Report and Recommendations on Data Breaches

As most know, California was the first state in the country, only 10 years ago, to pass the first ever state data security breach notification law, SB 1386, codified at California Civil Code sections 1798.29 and 1798.82.  Last year, SB 24 amended the law, effective January 1, 2012, to require organizations issuing a security breach … Continue Reading

2013 Verizon Data Breach Report Is Out – Risks Increase

Verizon’s annual “Data Breach Investigations Report” (“DBIR”) is a must read for data and information security professionals and we eagerly await each release.  The 2013 DBIR is now out and being carefully read by information security professionals.  Now in its sixth year, each DBIR provides a broad overview of the changing information security and data … Continue Reading

NIST Issues Final Draft of Security Controls for Comment

Over three previous drafts of its Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication 800-53, the National Institute of Standards and Technology (“NIST”) has honed focus while expanding the reach of infosec controls, all culminating in this latest 455-page “Revision 4” released for public comment last week. Dubbed the “Final Public … Continue Reading

New Ponemon Study Lists Top Privacy Features Consumers View As Important, Ranks Most Trusted Companies for Privacy

The Ponemon Institute released the 2012 results of its annual “Most Trusted Companies for Privacy Study,” which was quite the present on Data Privacy Day. The study has been conducted annually since 2006. While the rankings themselves certainly are interesting, other tidbits in the study about consumers’ attitudes toward privacy are more interesting. Some particularly … Continue Reading

South Carolina Supreme Court Splits with the Ninth Circuit Regarding Stored Communications Act Protections for Webmail

The Supreme Court of South Carolina recently ruled that the federal Stored Communications Act (“SCA”) provides no cause of action against a hacker who accessed a user’s webmail without authorization, creating a split with the Ninth Circuit’s 2004 case, Theofel v. Farey-Jones.  See Jennings v. Jennings, No. 27177, 2012 WL 4808545 (S.C. Oct. 12, 2012). In … Continue Reading

Employers Must Consider Social Media Risks to Life and Limb, Not Just Pocketbook

It should be no surprise that the use of social media creates risks – legal and financial risks related to privacy and data security issues are among the most examined concerns.  But the use of social media also may create risks that can’t be valued by a dollar sign – risks to human life and … Continue Reading

InfoLawGroup Senior Counsel To Brief Risk Management Executives

Richard Santalesa will be briefing senior executives with responsibility for risk management this Wednesday, Dec 14th, at a Symantec & Conventus event in Minneapolis. Registration is still open and additional registration information is available here. The topic: 2011 has been heralded as the year of the security breach. But what does that mean for you … Continue Reading

Federal Information Security and Breach Notification Law Approved by House Trade Subcommittee

On July 20, 2011, the U.S. House of Representatives Energy and Commerce Committee's Trade Subcommittee approved the Secure and Fortify Electronic Data Act (the "SAFE Data Act"). The Act would require any business that maintains personal information to implement an information security program and notify affected individuals in the event of an information security breach. The SAFE Data Act would preempt the over 45 existing state information security and breach notification laws and task the Federal Trade Commission with developing information security rules implementing the Act. … Continue Reading