The Sm@rtEdgeLaw Group

- "Smart companies need a Sm@rtEdge" TM

Category: Risk Management

NIST Issues Final “Critical Infrastructure Cybersecurity Framework” So?

The National Institute of Standards and Technology (“NIST”), part of the Dept. of Commerce, has been at the forefront of federal cyber and information security efforts, issuing numerous “Special Publications” addressing cyber and data security issues, risk management, encryption, mobile security and related topics. Its latest significant release on Feb. 12th of the final Critical […]

Finally. Google Cloud Announces it will enter into HIPAA BAA’s

Well, it took long enough. Google Cloud Platform service has finally publicly announced they will willingly enter into Business Associate Agreements (“BAA’s”) with “Covered Entities” regarding use of Google Cloud services and Protected Health Information (“PHI”). Google’s announcement comes nearly five months after the Sept 23, 2013 effective date for compliance with the HIPAA/HITECH Omnibus […]

FTC Approves 6th COPPA Safe Harbor Program – kidSAFE+

Today, the Federal Trade Commission (“FTC”) approved the kidSAFE Seal Program as a “safe harbor program” under the Children’s Online Privacy Protection Act (COPPA) and the agency’s COPPA Rule. This makes kidSAFE+ the 6th approved safe harbor program – joining Aristotle, Inc., the Children’s Advertising Review Unit of the Council of BBB’s, the Entertainment Software […]

What the Walking Dead Can Teach Us About Vendor Agreements

As fans of the AMC hit series, The Walking Dead, last night’s mid-season premiere drove home that the show is fundamentally an examination of basic morality. And contract law. And the vital importance of “vetting” third-party contractors. Think we’re stretching things?  Read on… for what the Walking Dead teaches about your vendor agreements and dealing […]

SEC Steps up Review of Cyber Attack & Breach Response Plans

Is your company ready for 2014? Are your Written Information Security Programs, Risk Management Procedures and Data Incident Response Plans up-to-date, tested and up to today’s dynamic threat landscape? Are you sure? Officials at the U.S. Securities and Exchange Commission (“SEC”) recently announced plans to increase scrutiny of how asset managers at companies subject to […]

IAPP Introduces All-New Mobile App Privacy Tool

In the past year, the Federal Trade Commission increased enforcement of mobile privacy policies and mobile apps, particularly those used by children as regulated by the Children’s Online Privacy Protection Act (“COPPA”). Regulators across the pond in the EU have likewise viewed mobile apps and mobile devices as posing significant privacy and data security concerns. Responding […]

2013 Data Privacy, Information Security and Cyber Insurance Trends Report

On Data Privacy Day, recognized annually on Jan. 28th, Richard Santalesa is quoted in the 2013 Data Privacy, Information Security and Cyber Insurance Trends Report, released each January by Cyber Data Risk Managers LLC. The Report surveys well-known industry experts and respected thought leaders, including Rick Kam, Bruce Schneier, Dr. Larry Ponemon and others, for […]

Whitepaper – Local & State Govt Data Security and Cyber Risks

Richard Santalesa introduced a whitepaper on legal risks and cyber  insurance at this past week’s fall meeting of the New York State Association of Counties – dubbed the think tank for NY’s counties since 1923. The white paper was released at a breakout session on the meeting agenda addressing “Cyber Security and Cyber Risks in Your County” where Mr. Santalesa’s […]

Federal CIO Council Releases BYOD Toolkit

Bring Your Own Device (“BYOD”) is the latest overnight IT sensation. But like most “overnight sensations” the foundational work took years before now familiar names “suddenly” hit the bright lights. In broader response to the ongoing Consumerization of Information Technology trend (“COIT”), no less than the Federal government has jumped on the BYOD bandwagon.  Last week […]

FTC Issues Final Commission Report on Protecting Consumer Privacy

Earlier today the Federal Trade Commission issued its long-awaited final report entitled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers” (the “Framework”). The Framework focuses on three primary principles: 1) Privacy by Design; 2) Simplified Choice for Businesses and Consumers; and 3) Greater Transparency. The vote approving […]

NIST Releases Public Draft SP800-53 Addressing Cybersecurity Threats & Privacy Controls

Yesterday the National Institute of Standards and Technology (NIST) released the 4th iteration of what will ultimately be a mainstay document for federal agencies required to comply with provisions of the Federal Information Security Management Act (FISMA) and FIPS 200. As a result it should have a significant effect on federal cloud security practices that […]

Cloud Security, Data Breaches and the CFAA

Attorney Rich Santalesa provided commentary for a Business Insurance article titled, “Managing Cloud Computing Security Requires Planning” available at  http://www.businessinsurance.com/article/20120115/NEWS07/301159998#full_story. And Santalesa comments again in an Information Week article dealing with a CFAA-related sentencing:  “Patient Data Theft Sends IT Specialist To Jail” available at http://www.informationweek.com/news/healthcare/security-privacy/232400459

ACE USA Social Media Risk Podcast

Richard Santalesa recently joined other attorneys and risk management professionals from ACE USA, the U.S.-based retail operating division of the ACE Group, to record a companion podcast to a joint whitepaper “Social Media: The Business Benefits May be Enormous, But Can the Risks – Reputational, Legal, Operational – be Mitigated?” The free podcast is available […]

Briefing Risk Management Executives on Cyber Security

Richard Santalesa will be briefing senior executives with responsibility for risk management Wednesday, Dec 14th, 2011 at a Symantec & Conventus event in Minneapolis. Registration is still open and additional registration information is available here. The topic: 2011 has been heralded as the year of the security breach. But what does that mean for you and […]

Contracting for Cloud Computing Services

The Knowledge Group/The Knowledge Congress Live Webcast Series, a leading producer of regulatory focused webcasts, has announced that attorney, Richard Santalesa, will be speaking at the Knowledge Congress’ webcast entitled: “Contracting for Cloud Computing Services: What You Need to Know” scheduled for February 14, 2012 from 12:00 PM to 2:00 PM ET. For more details […]

© 2014-2022 Sm@rtEdge LLC. All Rights Reserved. Attorney advertising. Prior results do not guarantee a similar outcome.