Considering the recent Equifax data breach, which put an estimated 145.5 million Americans’ identities at risk, mainstream media outlets are starting to ask an important question: if we can’t stop data breaches, how do we protect our identity? According to data from the Identity Theft Resource Center, U.S. companies and government agencies have disclosed 1,022 breaches in 2017 so far. The idea that the social security number is the foundation of our identity is under more scrutiny than ever. Bloomberg reported recently that the Trump administration is considering ways in which it can replace the social security number as a means of federal identification. So, can blockchain technology solve our identity management (IDM) problem?

Continue Reading Is Blockchain the Answer to Identity Management?

The Acting Director of the FTC’s Bureau of Consumer Protection, Thomas B. Pahl, recently commenced a ‘Stick with Security’ series of blog posts that analyze the data security principles championed by the FTC in its Start with Security guidance. The posts are intended to impart lessons the FTC has learned via investigations and enforcement actions, and to highlight good/bad practices implemented by businesses, since the FTC’s issuance of its Start with Security guidance in June 2015.

In its first three posts (available here, here, and here), the FTC emphasized a number of straightforward best practices that can help businesses mitigate potential penalties in the event of a data security incident, including:
Continue Reading FTC Issues ‘Stick with Security’ Guidance Emphasizing Data Security Best Practices

On April 13, 2017, the Electronic Frontier Foundation (EFF) published Spying on Students, a report detailing its investigation into school-issued devices and student privacy. EFF found that parents were overwhelmingly not informed about what educational technology (Ed Tech) their students were using. As a result, students and/or parents were the ones burdened with investigating what Ed Tech was used, which privacy policies governed it, and what privacy implications it may carry. Not surprisingly, parents were particularly concerned with what personally identifiable information was being collected and whether that information would be shared or sold.

EFF also analyzed the privacy policies of every Ed Tech app, software program or service identified by its survey recipients. Of the 152 Ed Tech services reported, only 118 had privacy policies available online. Few policies addressed deletion of data after periods of inactivity. Fewer than a third stated that the vendor used encryption or mentioned de-identification or aggregation of user data.
Continue Reading EFF Report Finds That Student Data is Not Adequately Protected By Ed Tech Companies

On Thursday, Internal Revenue Service (“IRS”) Commissioner John Koskinen testified that the personal data of up to 100,000 taxpayers could have been compromised as a result of criminal use of the Free Application for Federal Student Aid Data Retrieval Tool (“DRT”). Last week, we posted that the IRS disabled the tool after it suspected

Last week, the Internal Revenue Service (IRS) and Federal Student Aid (FSA) announced that the Data Retrieval Tool (DRT) on fafsa.gov and StudentLoans.gov will be unavailable until extra security protections can be added. Since 2010, students have been able to use the DRT to transfer tax data directly into the Free Application for Federal Student

For decades, it has been assumed that MacBook and iPhone devices are hack proof and virus free. Their advertisements and claims for being indestructible were never questioned. Yet, nothing is truly immune to intrusion.

Consumers pay a high premium for the slick and glossy Apple devices. Their superior brand has continued to sell and grow throughout the years. With each new release or upgrade, their developers have patched up security holes and weaknesses while managing to stay under the radar.

Apple products take up less than 4 percent of the business world, so they are less of a target for hackers. Why develop malware or a virus for a product that has such a small market share? Creating a Trojan virus that thrives in Windows code and spreads around a network of similar devices is much more effective than attacking a lone device.
Continue Reading The Truth in Mac Security

Tobias Boelter, a University of California, Berkeley cryptography researcher, claims that last year he found a security flaw in WhatsApp’s encrypted smartphone messaging application. The flaw, which relates to the unique security keys exchanged between WhatsApp users, is reported to allow third parties, including governments, to intercept messages in transit.

Mr. Boelter informed Facebook,

In the wake of the holiday season, it seems that even toys are not immune from privacy and security pitfalls. Two “connected” toys, Genesis Toys’ My Friend Cayla and i-Que robot, have been accused of violating U.S. and European privacy, security and advertising laws.

The toys at issue provide children with an interactive experience via

The EU-US Privacy Shield, designed to protect EU citizens’ personal data when it is transferred to US organisations, has now been in place for a couple of months. How is it shaping up?

How we arrived at the Privacy Shield…

Under current EU data protection laws, as well as under the forthcoming General Data