In this collection of security tips for mobile devices, SmartedgeLaw Group Attorney Richard Santalesa recommends keeping close tabs on mobile devices coming “off plan” in any BYOD scenario. The full article is available at: http://www2.idexpertscorp.com/resources/BestPracticesChecklists/13-security-tips-to-combat-mobile-device-threats-to-healthcare/
Ninth Circuit Narrows Reach of CFAA In En Banc US v Nosal Decision
The legal and online arenas have been abuzz the last several days in response to the Ninth Circuit’s en banc opinion in U.S. v. Nosal, 2012 WL 1176119 (9th Cir. April 10, 2012), addressing the reach and scope of the oft-litigated and controversial Computer Fraud and Abuse Act (CFAA), codified at 18 U.S.C. § […]
New Ponemon Data Breach Study Finds Breach Costs Have Fallen
Since its first issue seven years ago, the Ponemon Institute’s annual Cost of Data Breach Study (“CDBS”) has become a must-read for privacy and breach professionals. The latest CDBS study, covering the 2011 year, can be considered a bookend to Verizon’s annual Data Breach Investigations Report, whose 2012 edition was likewise recently released. The […]
FTC Issues Final Commission Report on Protecting Consumer Privacy
Earlier today the Federal Trade Commission issued its long-awaited final report entitled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers” (the “Framework”). The Framework focuses on three primary principles: 1) Privacy by Design; 2) Simplified Choice for Businesses and Consumers; and 3) Greater Transparency. The vote approving […]
NIST Releases Public Draft SP800-53 Addressing Cybersecurity Threats & Privacy Controls
Yesterday the National Institute of Standards and Technology (NIST) released the 4th iteration of what will ultimately be a mainstay document for federal agencies required to comply with provisions of the Federal Information Security Management Act (FISMA) and FIPS 200. As a result, it should have a significant effect on federal cloud security practices that […]
NY Adopts Zubulake E-Discovery Standard
Last week NY’s most prominent state appellate-level court formally and fully adopted the Zubulake standard for e-discovery. In its opinion in VOOM HD Holdings LLC v. EchoStar Satellite L.L.C., in which the defendant had appealed from the trial court’s grant of plaintiff’s motion to impose sanctions for the spoliation of evidence, the First Department of the […]
Richard Santalesa Appointed “Certified Mentor” by SCORE
Richard Santalesa, Member of the SmartedgeLaw Group, has been accepted as a “certified mentor” to small and start-up businesses by the Greater Bridgeport Chapter of SCORE, a national volunteer organization with 365 chapters and 13,000 volunteers who provide free counseling/mentoring to individuals starting businesses as well as existing ongoing small businesses seeking advice on growing […]
NIST Issues Finalized Guidelines for Managing Security & Privacy in Public Cloud Computing
Say what you will about the federal government, the Nat’l Institute of Standards & Technology (“NIST”), part of the Department of Commerce, has certainly been busy over the past year releasing numerous special drafts and reports addressing cloud computing recommendations, security and issues. [Full disclosure: I’m a member of several NIST working groups, including one currently working […]
Cloud Security, Data Breaches and the CFAA
Attorney Rich Santalesa provided commentary for a Business Insurance article titled, “Managing Cloud Computing Security Requires Planning” available at http://www.businessinsurance.com/article/20120115/NEWS07/301159998#full_story. And Santalesa comments again in an Information Week article dealing with a CFAA-related sentencing: “Patient Data Theft Sends IT Specialist To Jail” available at http://www.informationweek.com/news/healthcare/security-privacy/232400459
A Handful of 2012 Privacy & Security Predictions
Even though 2011 was an extremely active year on the information security and privacy fronts – with a blizzard of proposed legislation, near weekly front page data breaches and the continued full leap into the cloud with its securities issues – I predict that 2012 events across the privacy and data security landscape will make […]
FTC Seeks Public Comments on Facial Recognition Technology
Although Christmas, the holiday season and the end of year break are on most people’s minds, the FTC soldiers on. Right before Christmas it announced that it’s seeking public comments on facial recognition technology, the latest bete noire to hit the privacy stage in some circles. The deadline for filing a public comment is January […]
ACE USA Social Media Risk Podcast
Richard Santalesa recently joined other attorneys and risk management professionals from ACE USA, the U.S.-based retail operating division of the ACE Group, to record a companion podcast to a joint whitepaper “Social Media: The Business Benefits May be Enormous, But Can the Risks – Reputational, Legal, Operational – be Mitigated?” The free podcast is available […]
Briefing Risk Management Executives on Cyber Security
Richard Santalesa will be briefing senior executives with responsibility for risk management Wednesday, Dec 14th, 2011 at a Symantec & Conventus event in Minneapolis. Registration is still open and additional registration information is available here. The topic: 2011 has been heralded as the year of the security breach. But what does that mean for you and […]
Contracting for Cloud Computing Services
The Knowledge Group/The Knowledge Congress Live Webcast Series, a leading producer of regulatory-focused webcasts, has announced that attorney Richard Santalesa will be speaking at the Knowledge Congress’ webcast entitled: “Contracting for Cloud Computing Services: What You Need to Know” scheduled for February 14, 2012 from 12:00 PM to 2:00 PM ET. For more details […]
W3C Publishes Draft “Do-Not-Track” Standards
After a flurry of “Do-Not-Track” announcements and proposals early this year by the IETF, CDT, Microsoft and Mozilla, in response to the FTC’s release of its December 2010 draft privacy framework, which we covered in detail, the W3C’s Tracking Protection Working Group recently released the second draft of its Do-Not-Track standards in two parts: a […]
