A new update from the Federal Trade Commission (“FTC”) highlights that mobile apps remain a key security weakness. In connection with its recent investigation of mobile apps from Fandango and Credit Karma, the FTC has warned consumers that app developers (even those with the best of intentions) continue to drop the ball in ensuring security […]
Category: Data Security
Upcoming Webinar April 17 – “Data Breach Aftermaths”
Join us for our April 17 webinar, Data Breach Aftermath: Next Steps To Clean Up The Mess, hosted by the National Constitution Center, with details, registration and agenda information available here. Data breaches have unfortunately become near daily occurrences, with news reports – like those covering Target’s recent mammoth breach – sending chills up the […]
2014 Trends in State Data Breach Laws
A recent publication from the National Conference of State Legislatures has highlighted several intriguing trends with regard to recent and upcoming data breach legislation. Given most states’ reactive nature, the 2013 holiday season generated a “we must do something!” response in many state capitols following the front-page data breaches of Target and Neiman Marcus. […]
Ready for Your HIPAA Compliance Audit? HHS’ OCR Sure Is…
It’s been a long time coming. Now it’s here. The Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently placed a notice in the Federal Register that it intends to survey up to 1,200 covered entities (health plans, health care clearinghouses, and certain health care providers) and business associates to “determine their […]
BYOD Doesn’t Mean “Bring Your Own Data Breach”
4th Annual Ponemon Benchmark Study – Reveals New Problems for PHI Security. Same as it ever was? You’d be forgiven for thinking that after reading the Fourth Annual Benchmark Study on Patient Privacy & Data Security Report (the “Study”). Conducted by the Ponemon Institute and sponsored by our friends at ID Experts, the picture […]
Why the Cybersecurity Framework Matters for Your Security Programs
Richard Santalesa’s latest IAPP Privacy Perspectives commentary discussing what the National Institute of Standards and Technology’s “Cybersecurity Framework” means for privacy and risk management professionals – and by extension your infosec and data security efforts – is up. The Framework is likely to be very influential going forward as federal agencies, government contractors and ultimately […]
NIST Cybersecurity Framework Telebriefing – Mar. 13
UPDATE: Registration now open for our upcoming LSI Telebriefing on March 13, 1pm ET covering the “NIST Framework for Improving Critical Infrastructure Cybersecurity.” Registration information here. It should be an interesting and engaging discussion ahead of NIST’s March 27 State and Local Government Cybersecurity Framework Kickoff Workshop. Original: The SmartedgeLaw Group will moderate a telebriefing […]
Mobile Data Tracking – Takeaways from 1st FTC Spring Privacy Seminar
The FTC held its first seminar in the agency’s Spring Privacy Series yesterday on the hot topic of Mobile Device Tracking. In over two hours, the well-attended panel discussion covered privacy, security and regulatory issues raised by mobile tracking, joined by Twitter users posting comments via the #FTCMobile hashtag. With the billion dollar mobile app market […]
NIST Issues Final “Critical Infrastructure Cybersecurity Framework” So?
The National Institute of Standards and Technology (“NIST”), part of the Dept of Commerce, has been at the forefront of federal cyber and information security efforts, issuing numerous “Special Publications” addressing cyber and data security issues, risk management, encryption, mobile security and related topics. Its latest significant release on Feb. 12th of the final Critical […]
Finally. Google Cloud Announces it will enter into HIPAA BAA’s
Well, it took long enough. Google Cloud Platform service has finally publicly announced they will willingly enter into Business Associate Agreements (“BAA’s”) with “Covered Entities” regarding use of Google Cloud services and Protected Health Information (“PHI”). Google’s announcement comes nearly five months after the Sept 23, 2013 effective date for compliance with the HIPAA/HITECH Omnibus […]
FTC Approves 6th COPPA Safe Harbor Program – kidSAFE+
Today, the Federal Trade Commission (“FTC”) approved the kidSAFE Seal Program as a “safe harbor program” under the Children’s Online Privacy Protection Act (COPPA) and the agency’s COPPA Rule. This makes kidSAFE+ the 6th approved safe harbor program – joining Aristotle, Inc., the Children’s Advertising Review Unit of the Council of BBB’s, the Entertainment Software […]
Sm@rtedgeLaw: In the News – Quoted by SearchSecurity
Continuing our well-established practice of being go-to resources for the tech and legal press, Richard Santalesa of the Sm@rtedgeLaw Group was interviewed by Eric Parizo of SearchSecurity.com for his story Verizon PCI report: Pen testing, passwords cause PCI assessment gaffes to discuss the state of PCI and the 2014 Verizon PCI Compliance Report, which we […]
What the Walking Dead Can Teach Us About Vendor Agreements
As fans of the AMC hit series, The Walking Dead, last night’s mid-season premiere drove home that the show is fundamentally an examination of basic morality. And contract law. And the vital importance of “vetting” third-party contractors. Think we’re stretching things? Read on… for what the Walking Dead teaches about your vendor agreements and dealing […]
2014 Verizon PCI Report Reveals Much Work Needed For Compliance
Update: Richard Santalesa of the Sm@rtedgeLaw Group was interviewed by Eric Parizo of SearchSecurity.com for the story Verizon PCI report: Pen testing, passwords cause PCI assessment gaffes to discuss PCI and the 2014 Verizon PCI Compliance Report. Verizon’s 2014 PCI Compliance Report (“PCR”) is now available for free download in “pre-release.” Along with Verizon’s annual […]
SEC Steps up Review of Cyber Attack & Breach Response Plans
Is your company ready for 2014? Are your Written Information Security Programs, Risk Management Procedures and Data Incident Response Plans up-to-date, tested and up to today’s dynamic threat landscape? Are you sure? Officials at the U.S. Securities and Exchange Commission (“SEC”) recently announced plans to increase scrutiny of how asset managers at companies subject to […]
