A quick thanks to all those who attended our IAPP KnowledgeNet meeting, held yesterday in Hartford, and to my co-chairs Bruce Raymond and Catherine Itravina. There was a good turnout and many new faces around the table. After an informative presentation covering lessons learned from the Target data breach, by Pamela Gupta, President of Outsecure, Inc., […]
Category: Risk Management
Sm@rtEdgeLaw Now a Member of InfraGard – Cybersecurity Partnership
We’re pleased to announce that founding attorney, Richard Santalesa, has been accepted as a member of InfraGard, and looks forward to employing InfraGard’s expertise on behalf of Sm@rtEdgeLaw’s client base and our communities. InfraGard is a partnership between the FBI and the private sector as “an association of persons who represent businesses, academic institutions, state […]
Join us June12 at IAPP KnowledgeNet CT
Please join us at the upcoming IAPP KnowledgeNet CT on June 12 4-6pm at the offices of Shipman & Goodwin LLP, One Constitution Plaza, Hartford, CT 06103. Refreshments will be served. Our topic: Data Breach Responses: Practical Lessons From the Target Trenches and Beyond Our meeting will include featured speakers and a group round table discussion […]
Data Broker Study from FTC Reveals a Big Data World
Data brokers have been under increased scrutiny lately – from Congress, the press and joined again this week by the Federal Trade Commission, which released a 109-page study of nine data brokers entitled Data Brokers: A Call For Transparency and Accountability (the “Report”). which examined nine data brokers to determine the types and scope of personal information data collected. What […]
NIST Releases “Security by Design” Public Draft Guidance
Following on the heels of the National Institute of Standards and Technology‘s (“NIST”) release of the Framework for Improving Critical Infrastructure Cybersecurity (a/k/a the “Cybersecurity Framework” – see our coverage here and here), NIST unveiled yesterday a 123-page initial draft for public comment of Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. […]
SEC Issues Cybersecurity Risk Alert
Building on its stated goals for 2014, the U.S. Securities and Exchange Commission (“SEC“) recently issued a Cybersecurity Risk Alert through its Office of Compliance Inspections and Examinations (“OCIE“) that provides important additional information regarding the SEC’s ongoing initiative to assess cybersecurity preparedness in the financial and securities industry subject to its jurisdiction. As we […]
Update: Registration Open for ABA Privacy and Social Media Webinar – May 7th
Sm@rtEdgeLaw Group™ will be discussing “Privacy and Social Media” in an upcoming American Bar Association webinar May 7th with colleagues at other firms and organizations. Social media is everywhere. Join this webinar for an update on the latest social media legal issues and challenges. Attorney CLE credit available. Register at http://apps.americanbar.org/cle/program//t14pvm1.html?sc_cid=CET4PVM-A Program Description: Program Description: Social media […]
PayPal Provides a Reminder: Keep Tabs on Policy Changes
With PayPal’s recent changes to its User Agreement, Privacy Policy and PayPal Here Agreement, users should take note of several important service revisions – and the changes provide a good reminder to pay attention to those ubiquitous “our policies have changed” notices we all receive. While PayPal’s updates restate current policy they also announce […]
Procurement Takeaways of the Intersection of Cloud Computing and Mobility
The National Institute of Standards and Technology (“NIST”) held a two and a half day workshop last week, March 25-27, entitled The Intersection of Cloud and Mobility, to brainstorm on the issues, problems and realities of a world where “low-end mobile devices access diverse and scalable cloud computing resources and globally connected mobile enabled resources […]
How secure is your mobile app? Or the ones your employees use?
A new update from the Federal Trade Commission (“FTC”) highlights that mobile apps remain a key security weakness. In connection with its recent investigation of mobile apps from Fandango and Credit Karma, the FTC has warned consumers that app developers (even those with the best of intentions) continue to drop the ball in ensuring security […]
Upcoming Webinar April 17 – “Data Breach Aftermaths”
Join us for our April 17 webinar, Data Breach Aftermath: Next Steps To Clean Up The Mess, hosted by the National Constitution Center, with details, registration and agenda information available here. Data Breaches have unfortunately become near daily occurrences, with news reports – like those covering Target’s recent mammoth breach – sending chills up the […]
Ready for Your HIPAA Compliance Audit? HHS’ OCR Sure Is…
It’s been a long time coming. Now it’s here. The Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently placed a notice in the Federal Register that it intends to survey up to 1,200 covered entities (health plans, health care clearinghouses, and certain health care providers) and business associates to “determine their […]
Why the Cybersecurity Framework Matters for Your Security Programs
Richard Santalesa’s latest IAPP Privacy Perspectives commentary discussing what the National Institute of Standards and Technologies “Cybersecurity Framework” means for privacy and risk management professionals – and by extension your infosec and data security efforts – is up. The Framework is likely to be very influential going forward as federal agencies, government contractors and ultimately […]
NIST Cybersecurity Framework Telebriefing – Mar. 13
UPDATE: Registration now open for our upcoming LSI Telebriefing on March 13, 1pm ET covering the “NIST Framework for Improving Critical Infrastructure Cybersecurity.” Registration information here. It should be an interesting and engaging discussion ahead of NIST’s March 27 State and Local Government Cybersecurity Framework Kickoff Workshop. Original: The SmartedgeLaw Group will moderate a telebriefing […]
FTC and FBI Issue Warning About “CryptoLocker” Malware
Safeguarding data security and privacy is a constant battle. We always recommend the use of encryption for mobile devices, laptops and all crucial company data or consumer records containing personal, sensitive or medical information. In a devilish twist, however, cyber criminals have turned encryption against unsuspecting victims, to beg the question: “Are your computer files […]
