The FTC’s recently announced “50th data security settlement,” with GMR Transcription Services, has been highlighted by the Commission as a “golden opportunity to check your [data security] practices.” We agree. The facts behind the settlement read like a veritable case study of what not to do and how companies get into hot water with regulators […]
Category: Data Security
IAPP Introduces All-New Mobile App Privacy Tool
In the past year, the Federal Trade Commission increased enforcement of mobile privacy policies and mobile apps, particularly those used by children as regulated by the Children’s Online Privacy Protection Act (“COPPA”). Regulators across the pond in the EU have likewise viewed mobile apps and mobile devices as posing significant privacy and data security concerns. Responding […]
2014 Cyber Security Outlook – Internet of Things, Bitcoin, Mobile Payments
The Multi-State Information Sharing & Analysis Center (MS-ISAC), a national non-profit under the aegis of the Center for Internet Security, is out with its 2014 Cyber Security Outlook (pdf available here). The brief highlights that MS-ISAC expects 2014 to highlight security concerns and info sec issues focused around: (1) The Internet of Things – MS-ISAC […]
SmartedgeLaw Group Lectures at SHU on CyberSecurity
Rich Santalesa will be lecturing at Sacred Heart University in Fairfield, CT on Jan. 13, 2014 as part of SHU’s newly launched Masters Degree in Cybersecurity program. The recently developed Masters program includes required courses on securing cloud initiatives, systems security, digital forensics, network security, cryptography and security management, as well as electives in vulnerability […]
FTC “Internet of Things” Workshop Explores Privacy Risks and Benefits
The Federal Trade Commission’s long-awaited “Internet of Things” public workshop was held Nov. 19, 2013, and webcast live (with presentations, transcripts and videos to be archived for ready access at http://www.ftc.gov/video) to explore a wide range of potential privacy and security issues associated with Internet-connected devices everywhere – at home, work and in the car. […]
Survey: Medical ID Theft Now Fastest Growing Fraud
Medical and healthcare-related security and privacy concerns have been front page news in 2013, especially with recent launches of federal and state medical healthcare exchanges and changes stemming from the “HIPAA Omnibus Final Rule” enacted early this year that went into effect as of September 23rd. In a timely and notable report, the Ponemon Institute […]
FTC Enters “Internet of Things” Arena With TRENDnet Proposed Settlement
With predictions that by 2020 more than 30 billion devices will be wirelessly connected to the “Internet of Things” the issues for data security and privacy in an “all-connected, all-the-time” world are massive. And as the FTC continues to forge ahead in efforts to address mobile and other burgeoning security matters it recently entered the […]
Ponemon’s Cyber Insurance Study Finds Companies Neglecting Coverage
The challenges of managing corporate risk – whether through the growth of formal “GRC” (governance, risk management and compliance) programs or through contractual liability transfers – increase each year. However, a recent Ponemon Institute study, Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age, released Aug. 7, 2013 (available here: http://www.experian.com/managingcybersecurity) (the […]
NIST Releases Cloud Computing “Security Reference Architecture” (SP 500-299) for Public Comment
The National Institute of Standards and Technology (“NIST”) loves its “Special Publications” the way IRS agents love new tax forms. NIST’s SPs, however, are much more useful, and its latest Special Publication, released in draft form for public comment, SP 500-299 “Cloud Computing Security Reference Architecture” introduces NIST’s Cloud Computing Security Reference Architecture (“SRA”) as […]
Lessons From When Cyber Security Meets Physical Security
Data security and what qualifies as “reasonable” security is on everyone’s mind these days – at least if you’re involved in IT, or responsible for addressing any aspect of the “GRC” troika of governance, risk management and compliance issues. Sometimes overlooked on the cyber side, however, is the interaction of cyber with real world, physical […]
2013 Verizon Data Breach Report Is Out – Risks Increase
Verizon’s annual “Data Breach Investigations Report” (“DBIR”) is a must read for data and information security professionals and we eagerly await each release. The 2013 DBIR is now out and being carefully read by information security professionals. Now in its sixth year, each DBIR provides a broad overview of the changing information security and data […]
Upcoming Webinar on FFIEC Social Media Compliance
Richard Santalesa will be conducting an upcoming webinar in connection with MetricStream, discussing the Federal Financial Institutions Examination Council’s (“FFIEC”) proposed recent social media guidance (see FFIEC Social Media Guidance Public Comment Revelations). Date to be announced in the near future.
NIST Issues Final Draft of Security Controls for Comment
Over three previous drafts of its Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication 800-53, the National Institute of Standards and Technology (“NIST”) has honed focus while expanding the reach of infosec controls, all culminating in this latest 455-page “Revision 4” released for public comment last week. Dubbed the “Final Public […]
FTC Releases Recommendations for Mobile Privacy Disclosures
This weekend’s excellent Super Bowl game, which was delayed by a power outage that prompted several announcers in passing to mention the “extra power” used by tablets and smartphones, highlighted that the mobile arena continues to take center stage everywhere. We’ve covered the growing attention on mobile privacy policies and data gathering in recent posts (see, […]
2013 Data Privacy, Information Security and Cyber Insurance Trends Report
On Data Privacy Day, recognized annually on Jan. 28th, Richard Santalesa is quoted in the 2013 Data Privacy, Information Security and Cyber Insurance Trends Report, released each January by Cyber Data Risk Managers LLC. The Report surveys well-known industry experts and respected thought leaders, including Rick Kam, Bruce Schneier, Dr. Larry Ponemon and others, for […]