Released today, the Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security (available at http://www2.idexpertscorp.com/ponemon2012/) starkly highlights the continued serious challenges faced by healthcare organizations in adequately safeguarding protected health information (“PHI”). As the study notes straight out of the gate, “the threats to healthcare organizations have become increasingly more difficult to […]
Category: Data Security
Whitepaper – Local & State Govt Data Security and Cyber Risks
Richard Santalesa introduced a whitepaper on legal risks and cyber insurance at this past week’s fall meeting of the New York State Association of Counties – dubbed the think tank for NY’s counties since 1923. The white paper was released at a breakout session on the meeting agenda addressing “Cyber Security and Cyber Risks in Your County” where Mr. Santalesa’s […]
IDExperts 13 Security Tips to Combat Mobile Device Threats
In this collection of security tips for mobile devices SmartedgeLaw Group Attorney Richard Santalesa recommends keeping close tabs on mobile devices coming “off plan” in any BYOD scenario. The full article is available at: http://www2.idexpertscorp.com/resources/BestPracticesChecklists/13-security-tips-to-combat-mobile-device-threats-to-healthcare/
New Ponemon Data Breach Study Finds Breach Costs Have Fallen
Since its first issue seven years ago, the Ponemon Institute’s annual Cost of Data Breach Study (“CDBS”) has become a must-read for privacy and breach professionals. The latest CDBS study, covering the 2011 year, can be considered a bookend to Verizon’s annual Data Breach Investigations Report, whose 2012 edition was likewise recently released. The […]
FTC Issues Final Commission Report on Protecting Consumer Privacy
Earlier today the Federal Trade Commission issued its long-awaited final report entitled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers” (the “Framework”). The Framework focuses on three primary principles: 1) Privacy by Design; 2) Simplified Choice for Businesses and Consumers; and 3) Greater Transparency. The vote approving […]
Cloud Security, Data Breaches and the CFAA
Attorney Rich Santalesa provided commentary for a Business Insurance article titled, “Managing Cloud Computing Security Requires Planning” available at http://www.businessinsurance.com/article/20120115/NEWS07/301159998#full_story. And Santalesa comments again in an Information Week article dealing with a CFAA-related sentencing: “Patient Data Theft Sends IT Specialist To Jail” available at http://www.informationweek.com/news/healthcare/security-privacy/232400459
A Handful of 2012 Privacy & Security Predictions
Even though 2011 was an extremely active year on the information security and privacy fronts – with a blizzard of proposed legislation, near weekly front page data breaches and the continued full leap into the cloud with its securities issues – I predict that 2012 events across the privacy and data security landscape will make […]
Briefing Risk Management Executives on Cyber Security
Richard Santalesa will be briefing senior executives with responsibility for risk management Wednesday, Dec 14th, 2011 at a Symantec & Conventus event in Minneapolis. Registration is still open and additional registration information is available here. The topic: 2011 has been heralded as the year of the security breach. But what does that mean for you and […]
W3C Publishes Draft “Do-Not-Track” Standards
After a flurry of “Do-Not-Track” announcements and proposals early this year by the IETF, CDT, Microsoft and Mozilla, in response to the FTC’s release of its December 2010 draft privacy framework, which we covered in detail, the W3C’s Tracking Protection Working Group recently released the second draft of its Do-Not-Track standards in two parts: a […]
Blumenthal Bill Bumps Up Big Fines for Data Thefts and Security Breaches
Late last week Senator Richard Blumenthal (D-CT) introduced a one-hundred page bill, dubbed the Personal Data Protection and Breach Accountability Act of 2011, S.1535, (the “PDPBA Act”), referred to the Senate Judiciary Committee, that if ultimately passed would levy significant penalties for identity theft and other “violations of data privacy and security,” criminalize as felonies […]
Additional Law Enforcement Group Endorses PCIPA’s 18-Month Mandatory IP Address Retention for ISPs
In the wake of H.R. 1981, the “Protecting Children from Internet Pornographers Act of 2011” (PCIPA), proposed May 25, 2011 by U.S. Representatives Lamar Smith (R-Texas), the head of the House Judiciary Committee, and Debbie Wasserman Schultz (D-Fla.), the National Sheriffs’ Association, an organization representing 3,000+ Sheriffs’ offices around the country, announced in testimony […]
Cloud Computing Webinar Series
BUMPED – There’s still time to register for our upcoming free webinar. Legal Issues of Security and Privacy in Cloud Computing – Wed., May 24, 2011 – 12:30 pm ET. In this free upcoming webinar on cloud computing, Attorney Richard Santalesa will examine the Legal Issues of Security and Privacy in Cloud Computing. To register, click […]
Ponemon Study: 73% Believe Cloud Providers Do Not Protect User’s Confidential Information
Growing scrutiny of cloud computing security in the first half of this year is not surprising in light of the numerous data breaches, privacy issues and headline grabbing cloud outages that have occurred recently. (See Amazon EC2 outage, Amazon Cloud Drive Terms of Use, DropBox privacy concerns, Epsilon breach, etc.). On the heels of this […]
NIST Issues Two New Draft Cloud Computing Documents, A Call for Public Comment and a Cloud Wiki
Last week the National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, released for public comment two “new” draft documents centered on cloud computing. The first is a NIST-codified Definition of Cloud Computing (Draft SP 800-145), and the second document is what NIST calls “the first set of guidelines for […]
FTC Issues Guide for Businesses on Securing Digital Copiers
The Federal Trade Commission (FTC) recently released a new publication in the wake of numerous news accounts highlighting the potential data security issues posed by modern digital copiers. (See, e.g., Digital Copy Machines Pose Security Concerns, Albuquerque News, July 28, 2010, available here; Digital Photocopiers Loaded with Secrets, CBS Evening News, April 15, 2010, available […]
