Archives: Data Security


Physical security still an issue: Pruitt Health suffers breach in break-in

The importance of physical security and the risk associated with the unauthorized access to or loss of paper records is clear from recent experiences of Pruitt Health in South Carolina. On March 2, 2016, an intruder broke the front door glass of one of its home health locations and had access to paper medical records … Continue Reading

Facial Recognition Guidelines issued by NTIA and approved by IBIA

On June 15, 2016, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) issued its facial recognition best practices, which were developed by a multi-stakeholder group convened by NTIA. The best practices document, titled “Privacy Best Practice Recommendations for Commercial Facial Recognition Use,” is intended to be a code of conduct for the … Continue Reading

Wells Fargo Unveils Plan to Better Protect Small Business Customer Account Information

On June 7, Wells Fargo announced a partnership with software firm Xero that is intended to allow small businesses to share bank information without sharing their bank passwords with third parties, such as Quicken, who provide services to the business customers. The small business customers will log into Xero’s website using a different account designation … Continue Reading

PCI DSS version 3.2 contains substantial changes for payment card processors and their service providers

In April 2016, the Payment Card Industry Security Standards Council published a new version of the PCI Data Security Standard (PCI DSS). PCI DSS Version 3.2 is intended to emphasize the importance of validating the existence, and testing the effectiveness, of security controls for parties in the payment card collection and processing chain. The changes are … Continue Reading

Blockchain: What is all the buzz about?

Blockchain technology, introduced as the magic behind Bitcoin, is being touted by many as the next major disruptive innovation – in global trade and way beyond. At its core, Blockchain shifts the accounting function from third-party financial institutions and intermediaries to thousands of nodes (computers) on the Blockchain network that collectively maintain a public ledger … Continue Reading

Council of the European Union and the European Parliament approve General Data Protection Regulation; U.S. Privacy Shield faces criticism from Article 29 working group

The General Data Protection Regulation (GDPR) was recently approved by the 28 member states of the Council of the European Union. By plenary vote, the European Parliament approved GDPR on April 14. The GDPR will take effect two years after publication in the E.U. Official Journal, which is expected to be in May. The GDPR, which … Continue Reading

WhatsApp adds end-to-end encryption

More than a billion people on the planet use the online messaging service WhatsApp to send and receive messages, photos and videos and to make phone calls over the Internet. Most of WhatsApp’s users are outside the United States. A subsidiary of Facebook since 2014, WhatsApp just announced the addition of end-to-end encryption to every form … Continue Reading

FCC unveils broadband privacy rules for Internet service providers

We have been waiting for—and the Federal Communications Commission (FCC) delivered—its long anticipated broadband data privacy and security rules on March 10, 2015. Through the proposed rules, the FCC has declared its enforcement authority over the data privacy and security practices of Internet service providers (ISPs), much to the chagrin of the industry, which argues … Continue Reading

Lesson in the history of the Gramm-Leach-Bliley privacy protections: Victoria’s Secret started it all

Did you know that a Victoria’s Secret catalog is one of the top reasons that Congress included privacy protections in the Gramm-Leach-Bliley Act (GLB Act)? The GLB Act protects consumers’ financial information and requires financial institutions to explain their information-sharing practices to consumers. These privacy protections were introduced by Representative Ed Markey of Massachusetts … Continue Reading

MFA – Multi-Factor Authentication

Every morning we sit down at our computers and provide our credentials to the network: user name and password. Because it has become such a ubiquitous part of modern life, we have a user name and password for everything; we even have password management applications. This system of challenge and response is designed to prove … Continue Reading

EU and US agree to new safe harbor data transfer pact

The U.S. Department of Commerce and the European Commission announced on Tuesday that they have entered into a new transatlantic safe harbor transfer agreement, which comes two days after the deadline set by EU data protection authorities. The pact, known as the EU-U.S. Privacy Shield, includes, according to the EU Commission, stronger obligations for U.S. … Continue Reading

Backdoors to encryption protocols vs. cybersecurity: weighing priorities in the U.S. and abroad

With the revelations that the Paris and San Bernardino attackers used encrypted communications to recruit, communicate and plan their attacks, the U.S. government is again pushing the tech industry to provide it backdoor access to encryption protocols. Bypassing security mechanisms through a backdoor, law enforcement believes, permits it to more effectively track users and content, … Continue Reading

Increased focus on third party risk assessment, audits and oversight in 2016

For vendors, suppliers and other companies providing outsourced services, components or supplies, and for the customers of such services or suppliers, 2016 means an increased demand on your limited time and manpower to respond to or review information security risk assessments, host or perform audits, and generally oversee or be subject to oversight. … Continue Reading

2016 year of peak phishing attacks?

Early studies on the causes of data breaches found many occurred after laptops, flash drives or other mobile devices were lost or stolen. But in recent years, data breaches have largely resulted from organized, online-targeted phishing, scanning or skimming attacks against individuals and companies. The attackers sought personal and financial data to use or sell … Continue Reading

Password authentications should become more obsolete

The username/password method of authentication is dying, albeit more slowly than many of us would like. In 2016, we should see a continued trend of replacing password authentication as the primary method for navigating through cyberspace. We all know the challenges of password authentication. The number of access points that require passwords is growing, making it … Continue Reading

RBAC – Is it implemented in your organization?

Traditionally it was very common for organizations to adopt an optimistic security model: give everyone access to everything unless specifically denied access to sensitive areas, like HR or Finance. While this approach is generally regarded as more convenient for end users, it is less secure and leaves organizations more vulnerable than pessimistic security models. Pessimistic … Continue Reading

Increased risk of ‘Medjacking’ calls for better security measures on medical devices

Did you know that right now we have about 5 billion connected smart devices in use? Is it surprising that it is predicted that by 2020 that number will skyrocket to 25 billion? Of all these connected devices, a significant portion will be medical devices such as pacemakers, in-home monitoring systems and … Continue Reading

Massachusetts develops a remote-controlled contraceptive chip

Ladies and gentlemen, introducing the remote-controlled contraceptive computer chip. Releasing measured doses of the levonorgestrel hormone, these computer chips can be implanted under a woman’s skin as a new form of birth control, presumably starting in 2018. While there are certainly other types of contraceptives that can be implanted under a woman’s skin, the only … Continue Reading

The rules of preservation: “reasonable steps” under Amended Rule 37(e)

Amended Federal Rule of Civil Procedure 37(e), which takes effect on December 1, 2015, authorizes courts to impose sanctions if electronically stored information (ESI) is lost because a party failed to take “reasonable steps to preserve it.” Although “reasonable steps” is a phrase that will surely be litigated and ultimately defined by the courts, the … Continue Reading

Google Mandates Full Disk Encryption

With the release of Android 6.0, code name Marshmallow, Google has mandated that OEMs (Original Equipment Manufacturers) enable full disk encryption. Google is requiring that the feature be enabled as part of the ‘out of box experience’ for customers setting up new mobile devices. Google previously attempted to do the same for Android 5.0, code name Lollipop, … Continue Reading