A quick thanks to all those who attended our IAPP KnowledgeNet meeting, held yesterday in Hartford, and to my co-chairs Bruce Raymond and Catherine Itravina. There was a good turnout and many new faces around the table. After an informative presentation covering lessons learned from the Target data breach, by Pamela Gupta, President of Outsecure, Inc., […]
Category: Data Security
Ready to Revisit Your Cloud Contracts? FedRAMP is Ramping Up With Three Public Webinars
Those who follow cloud computing on the federal level know the Federal Risk and Authorization Management Program (“FedRAMP”) is tasked with developing a “government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.” We expect FedRAMP to have a broader ripple effect for corporate cloud contracting, […]
FTC Data Broker Report Takeaways – Part 2
In this Part Two covering the Federal Trade Commission’s Report on Data Brokers, (Part One is here) we focus on the Report’s detail of benefits and risks to consumers of data brokers’ services, the FTC’s legislative recommendations and best practices data brokers should consider to address growing concerns surrounding data mining. Lastly, we’ll review considerations […]
Join us June12 at IAPP KnowledgeNet CT
Please join us at the upcoming IAPP KnowledgeNet CT on June 12 4-6pm at the offices of Shipman & Goodwin LLP, One Constitution Plaza, Hartford, CT 06103. Refreshments will be served. Our topic: Data Breach Responses: Practical Lessons From the Target Trenches and Beyond Our meeting will include featured speakers and a group round table discussion […]
Data Broker Study from FTC Reveals a Big Data World
Data brokers have been under increased scrutiny lately – from Congress, the press and joined again this week by the Federal Trade Commission, which released a 109-page study of nine data brokers entitled Data Brokers: A Call For Transparency and Accountability (the “Report”). which examined nine data brokers to determine the types and scope of personal information data collected. What […]
FTC Slaps Snapchat Over Privacy Policy & Practices
Recently, the Federal Trade Commission snapped at Snapchat over its privacy policy and representations made regarding the company’s mobile application. The FTC’s action has raised some eyebrows. But it has also raised awareness that promises made in a privacy policy matter. What did Snapchat do wrong and what are the key takeaways you should adopt […]
Study Finds Data Breach Costs Have Increased
The anticipated annual release of the Ponemon Institute’s 2014 Cost of Data Breach Study has finally arrived. As yearly readers of the Study know, it provides a snapshot of the different factors that leave an organization susceptible to data breach, the costs associated with a breach in various sectoral industries and details ways to mitigate […]
NIST Releases “Security by Design” Public Draft Guidance
Following on the heels of the National Institute of Standards and Technology‘s (“NIST”) release of the Framework for Improving Critical Infrastructure Cybersecurity (a/k/a the “Cybersecurity Framework” – see our coverage here and here), NIST unveiled yesterday a 123-page initial draft for public comment of Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. […]
Admin judge to FTC: “Put up or shut up”
FTC ordered to submit to testifying about data security standards The ongoing controversial Federal Trade Commission (“FTC”) versus LabMD Inc. enforcement action (Docket No. 9357) took a new twist recently as Chief Administrative Law Judge D. Michael Chappell effectively ordered the FTC to reveal details about what it considers to be the applicable data security […]
White House Big Data Report – An Ink Blot Test
Remember those famous Rorschach ink blot tests, where you could see nearly anything in an image? The White House’s recent Big Data report (BIG DATA: Seizing Opportunities, Preserving Values, the “Report”), which examines how Big Data is and will be expected to be used, strikes us as rather like one of those ink blots – […]
SEC Issues Cybersecurity Risk Alert
Building on its stated goals for 2014, the U.S. Securities and Exchange Commission (“SEC“) recently issued a Cybersecurity Risk Alert through its Office of Compliance Inspections and Examinations (“OCIE“) that provides important additional information regarding the SEC’s ongoing initiative to assess cybersecurity preparedness in the financial and securities industry subject to its jurisdiction. As we […]
Then there were 47… Kentucky enacts data breach statute
Since 2010 the number of states with data breach notification statutes was stalled at 46. No longer. Kentucky is now the 47th state to enact a data breach notification statute, effective July 14, 2014. Kentucky’s new data breach notification statute, appearing in Ken. Rev. Stat. Chapter 365 (as amended by H.B. 232 on April 10, […]
Update: Registration Open for ABA Privacy and Social Media Webinar – May 7th
Sm@rtEdgeLaw Group™ will be discussing “Privacy and Social Media” in an upcoming American Bar Association webinar May 7th with colleagues at other firms and organizations. Social media is everywhere. Join this webinar for an update on the latest social media legal issues and challenges. Attorney CLE credit available. Register at http://apps.americanbar.org/cle/program//t14pvm1.html?sc_cid=CET4PVM-A Program Description: Program Description: Social media […]
Long awaited decision in FTC v. Wyndham Issued. FTC wins.
BREAKING: The long awaited decision in the ongoing FTC v. Wyndham Worldwide Corp federal district court case in New Jersey was issued last today by District Judge Salas. In brief Wyndham lost all three of its arguments presented and J. Salas denied its Motion to Dismiss. We’re reviewing the entire 42-page decision, available here, for […]
Procurement Takeaways of the Intersection of Cloud Computing and Mobility
The National Institute of Standards and Technology (“NIST”) held a two and a half day workshop last week, March 25-27, entitled The Intersection of Cloud and Mobility, to brainstorm on the issues, problems and realities of a world where “low-end mobile devices access diverse and scalable cloud computing resources and globally connected mobile enabled resources […]