A recent publication from the National Conference of State Legislatures has highlighted several intriguing trends with regards to recent and upcoming data breach legislation. Given most states reactive nature, the 2013 holiday season generated a “we must do something!” response in many state capitols following the front page data breaches of Target and Neiman Marcus. […]
Ready for Your HIPAA Compliance Audit? HHS’ OCR Sure Is…
It’s been a long time coming. Now it’s here. The Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently placed a notice in the Federal Register that it intends to survey up to 1,200 covered entities (health plans, health care clearinghouses, and certain health care providers) and business associates to “determine their […]
“BigData” Hat Tip for Sm@rtEdge
Attorney Richard Santalesa and the Sm@rtEdgeLaw Group were highlighted in a short Fierce Data article on “How to draft big data contracts.” Contracting for big data services and the issues surrounding onboarding and combination of consumer data, whether “anonymized” or not, from third party sources is neither a trivial matter, nor a mere extension of […]
Between a Rock and Google Plus
An interesting question has come in from several clients, large and small, lately as to remedies and options they have for recovering a social media account. While the latest inquiries seem, for whatever reason, to be focused on Google+ the same scenarios apply to other social media outlets. Typically two scenarios are common. The first […]
BYOD Doesn’t Mean “Bring Your Own Data Breach”
4th Annual Ponemon Benchmark Study – Reveals New Problems for PHI Security Same as it ever was? You’d be forgiven for thinking that after reading the Fourth Annual Benchmark Study on Patient Privacy & Data Security Report (the “Study”). Conducted by the Ponemon Institute and sponsored by our friends at ID Experts, the picture […]
Why the Cybersecurity Framework Matters for Your Security Programs
Richard Santalesa’s latest IAPP Privacy Perspectives commentary discussing what the National Institute of Standards and Technologies “Cybersecurity Framework” means for privacy and risk management professionals – and by extension your infosec and data security efforts – is up. The Framework is likely to be very influential going forward as federal agencies, government contractors and ultimately […]
NIST Cybersecurity Framework Telebriefing – Mar. 13
UPDATE: Registration now open for our upcoming LSI Telebriefing on March 13, 1pm ET covering the “NIST Framework for Improving Critical Infrastructure Cybersecurity.” Registration information here. It should be an interesting and engaging discussion ahead of NIST’s March 27 State and Local Government Cybersecurity Framework Kickoff Workshop. Original: The SmartedgeLaw Group will moderate a telebriefing […]
Mobile Data Tracking – Takeaways from 1st FTC Spring Privacy Seminar
The FTC held its first seminar in the agency’s Spring Privacy Series yesterday on the hot topic of Mobile Device Tracking. In over two-hours the well-attended panel discussion covered privacy, security and regulatory issues raised by mobile tracking joined by Twitter users posting comments via the #FTCMobile hashtag. With the billion dollar mobile app market […]
FTC and FBI Issue Warning About “CryptoLocker” Malware
Safeguarding data security and privacy is a constant battle. We always recommend the use of encryption for mobile devices, laptops and all crucial company data or consumer records containing personal, sensitive or medical information. In a devilish twist, however, cyber criminals have turned encryption against unsuspecting victims, to beg the question: “Are your computer files […]
NIST Issues Final “Critical Infrastructure Cybersecurity Framework” So?
The National Institute of Standards and Technology (“NIST”), part of the Dept of Commerce, has been at the forefront of federal cyber and information security efforts, issuing numerous “Special Publications” addressing cyber and data security issues, risk management, encryption, mobile security and related topics. It’s latest significant release on Feb. 12th of the final Critical […]
Finally. Google Cloud Announces it will enter into HIPAA BAA’s
Well, it took long enough. Google Cloud Platform service has finally publicly announced they will willingly enter into Business Associate Agreements (“BAA’s”) with “Covered Entities” regarding use of Google Cloud services and Protected Health Information (“PHI”). Google’s announcement comes nearly five months the after Sept 23, 2013 effective date for compliance with the HIPAA/HITECH Omnibus […]
FTC Approves 6th COPPA Safe Harbor Program – kidSAFE+
Today, the Federal Trade Commission (“FTC”) approved the kidSAFE Seal Program as a “safe harbor program” under the Children’s Online Privacy Protection Act (COPPA) and the agency’s COPPA Rule. This make kidSAFE+ the 6th approved safe harbor program – joining Aristotle, inc., the children’s Advertising Review Unit of the Council of BBB’s, the Entertainment Software […]
Sm@rtedgeLaw: In the News – Quoted by SearchSecurity
Continuing our well-established practice of being go-to resources for the tech and legal press, Richard Santalesa of the Sm@rtedgeLaw Group was interviewed by Eric Parizo of SearchSecurity.com for his story Verizon PCI report: Pen testing, passwords cause PCI assessment gaffes to discuss the state of PCI and the 2014 Verizon PCI Compliance Report, which we […]
What the Walking Dead Can Teach Us About Vendor Agreements
As fans of the AMC hit series, The Walking Dead, last night’s mid-season premiere drove home that the show is fundamentally an examination of basic morality. And contract law. And the vital importance of “vetting” third-party contractors. Think we’re stretching things? Read on… for what the Walking Dead teaches about your vendor agreements and dealing […]
2014 Verizon PCI Report Reveals Much Work Needed For Compliance
Update: Richard Santalesa of the Sm@rtedgeLaw Group was interviewed by Eric Parizo of SearchSecurity.com for the story Verizon PCI report: Pen testing, passwords cause PCI assessment gaffes to discuss PCI and the 2014 Verizon PCI Compliance Report. Verizon’s 2014 PCI Compliance Report (“PCR”) is now available for free download in “pre-release.” Along with Verizon’s annual […]
