Archives: Data Security

A CIO Budget Playbook for 2018

It’s that time of the year again, budget season. A time when organizations set priorities on how to strategically spend their money in 2018. In the information technology (IT) world this can be a daunting task for any CIO. According to Gartner, artificial intelligence (AI), machine learning, and tools such as conversational platforms, digital twins … Continue Reading

Is Blockchain the Answer to Identity Management?

Considering the recent Equifax data breach, which put an estimated 145.5 million Americans’ identities at risk, mainstream media outlets are starting to ask an important question: if we can’t stop data breaches, how do we protect our identity? According to data from the Identity Theft Resource Center, U.S. companies and government agencies have disclosed … Continue Reading

FTC Issues ‘Stick with Security’ Guidance Emphasizing Data Security Best Practices

The Acting Director of the FTC’s Bureau of Consumer Protection, Thomas B. Pahl, recently commenced a ‘Stick with Security’ series of blog posts that analyze the data security principles championed by the FTC in its Start with Security guidance. The posts are intended to impart lessons the FTC has learned via investigations and enforcement actions, … Continue Reading

EFF Report Finds That Student Data is Not Adequately Protected By Ed Tech Companies

On April 13, 2017, the Electronic Frontier Foundation (EFF) published Spying on Students, a report detailing its investigation into school-issued devices and student privacy. EFF found that parents were overwhelmingly not informed about what educational technology (Ed Tech) their students were using. As a result, students and/or parents were the ones burdened with investigating what … Continue Reading

IRS to Notify 100,000 Taxpayers That Their Information May Have Been Obtained Through Misuse of FAFSA Retrieval Tool

On Thursday, Internal Revenue Service (“IRS”) Commissioner John Koskinen testified that the personal data of up to 100,000 taxpayers could have been compromised as a result of criminal use of the Free Application for Federal Student Aid Data Retrieval Tool (“DRT”). Last week, we posted that the IRS disabled the tool after it suspected … Continue Reading

The Truth in Mac Security

For decades, it has been assumed that MacBook and iPhone devices are hack proof and virus free. Their advertisements and claims for being indestructible were never questioned. Yet, nothing is truly immune to intrusion. Consumers pay a high premium for the slick and glossy Apple devices. Their superior brand has continued to sell and grow … Continue Reading

WhatsApp Security Flaw, Lawsuit in Germany

Tobias Boelter, a University of California Berkeley cryptography researcher, claims that last year he found a security flaw in WhatsApp’s encrypted smartphone messaging application. The flaw, which relates to the unique security keys exchanged between WhatsApp users, is reported to allow third parties, including governments, to intercept messages in transit. Mr. Boelter informed Facebook, … Continue Reading

Toys Not Immune from Scrutiny Over Privacy and Security Weaknesses

In the wake of the holiday season, it seems that even toys are not immune from privacy and security pitfalls. Two “connected” toys, Genesis Toys’ My Friend Cayla and i-Que robot, have been accused of violating U.S. and European privacy, security and advertising laws. The toys at issue provide children with an interactive experience via … Continue Reading

Transatlantic Data Transfer: An Update

The EU-US Privacy Shield, designed to protect EU citizens’ personal data when it is transferred to US organisations, has now been in place for a couple of months. How is it shaping up? How we arrived at the Privacy Shield… Under current EU data protection laws, as well as under the forthcoming General Data Protection Regulation … Continue Reading

NAIC Released Draft of Revised Insurance Data Security Model Law for Review

The National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive standards… for data security and investigation and notification of a data breach” for “any person or entity licensed, authorized to operate, or … Continue Reading

Black Hat reports increase in cybersecurity concerns

The 2016 Black Hat Attendee Survey was published in advance of the 2016 Black Hat Conference.  Not surprisingly, the respondents to the survey conveyed an increased concern regarding security breaches versus 2015. An alarming 72% of respondents believe it likely that their organizations will have to deal with a major data breach in the year … Continue Reading

ATM vulnerability – Banks beware!

It is said that a chain is only as strong as its weakest link. Often the same is said for an organization’s data privacy & security defenses. Could it be that the ubiquitous ATM machine is the weak link in the banking system? Thursday, July 14, IBSintelligence.com reported that in Taiwan, thieves, possibly using a … Continue Reading

Physical security still an issue: Pruitt Health suffers breach in break-in

The importance of physical security and the risk associated with the unauthorized access to or loss of paper records is clear from recent experiences of Pruitt Health in South Carolina. On March 2, 2016, an intruder broke the front door glass of one of its home health locations and had access to paper medical records … Continue Reading

Facial Recognition Guidelines issued by NTIA and approved by IBIA

On June 15, 2016, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) issued its facial recognition best practices, which were developed by a multi-stakeholder group convened by NTIA. The best practices document, titled “Privacy Best Practice Recommendations for Commercial Facial Recognition Use,” is intended to be a code of conduct for the … Continue Reading

Wells Fargo Unveils Plan to Better Protect Small Business Customer Account Information

On June 7, Wells Fargo announced a partnership with software firm, Xero, that is intended to allow small businesses to share bank information without sharing their bank passwords with third parties, such as Quicken, who provide services to the business customers.  The small business customers will log into Xero’s website using a different account designation … Continue Reading

PCI DSS version 3.2 contains substantial changes for payment card processors and their service providers

In April, 2016, the Payment Card Industry Security Standards Council published a new version of the PCI Data Security Standard (PCI DSS). PCI DSS Version 3.2 is intended to emphasize the importance of validating the existence and testing effectiveness of security controls for parties in the payment card collection and processing chain. The changes are … Continue Reading

Blockchain: What is all the buzz about?

Blockchain technology, introduced as the magic behind Bitcoin, is being touted by many as the next major disruptive innovation – in global trade and way beyond. At its core, Blockchain shifts the accounting function from third-party financial institutions and intermediaries to thousands of nodes (computers) on the Blockchain network that collectively maintain a public ledger … Continue Reading

Council of European Union and the European Parliament approve General Data Protection Regulation; U.S. Privacy Shield faces criticism from Article 29 working group

The General Data Protection Regulation (GDPR) was recently approved by the 28 member states of the Council of European Union. By plenary vote, the European Parliament approved GDPR on April 14. The GDPR will take effect two years after publication in the E.U. Official Journal, which is expected to be in May. The GDPR, which … Continue Reading

WhatsApp adds end-to-end encryption

More than a billion people on the planet use online messaging service WhatsApp to send and receive messages, photos and videos and to make phone calls over the Internet. Most of WhatsApp’s users are outside the United States. A subsidiary of Facebook since 2014, WhatsApp just announced the addition of end-to-end encryption to every form … Continue Reading