(Feb 9, 2016) IAPP member and managing director of Venable’s cybersecurity service, Ari Schwartz, talks about his long and illustrious security career with The Hill. Of particular focus is his transition from the White House National Security Council to law firm Venable in October. “On my first day, I talked to a bunch of clients here that really, clearly needed help at just [developing] a more granular vision” regarding cybersecurity, Schwartz said. “A lot of companies are dealing with that realization, ‘Oh...

Daily Dashboard

Lincare found guilty of negligence, owes OCR $239,800 in fines

(Feb 9, 2016) A U.S. Department of Health and Human Services Administrative Law Judge found Lincare in violation of HIPAA, ruling that the company had to pay the Office for Civil Rights $239,800 in fines, the agency announced in a statement. The ruling is the culmination of an investigation that found employee negligence and a lack of privacy safeguards led to the exposure of client data. “The decision in this case validates the findings of our investigation,” said OCR Director Jocelyn Samuels. “All covered entities … must ensure that, if their workforce members take protected health information off-site, they have adequate policies and procedures that provide for the reasonable and appropriate safeguarding of that PHI,” she added.

Department of Justice, Homeland Security employees’ data breached

(Feb 9, 2016) An unidentified thief gained access to the personal data of “thousands” of Department of Homeland Security and Justice Department employees, The New York Times reports. The data taken appeared to have been gleaned from an internal employee directory, housing workers’ job titles and emails. “There is no indication at this time that there is any breach of personally identifiable information,” said Justice Department spokesman Peter Carr. While details remain murky, agency representatives pegged the attack as “a social engineering breach, which could involve pulling personal information from social media and using it to determine passwords,” the report states.

Utah proposes anti-doxing bill

(Feb 9, 2016) The Utah House of Representatives proposed a new bill Monday that amends the state’s criminal code to include so-called doxing — the process of leaking someone’s personally identifiable information online against their consent — but critics fear the bill’s broad language would stifle free speech, Ars Technica reports. Utah HB 255 includes provisions that would outlaw denial-of-service attacks and false emergency reports – also known as swatting. Though the state already has a law th...

UK Parliament group says spy bill has poor privacy protections

(Feb 9, 2016) The controversial U.K. surveillance bill — the Investigatory Powers Bill — is facing scrutiny from a parliamentary group, Bloomberg Business reports. According to the Intelligence and Security Committee of Parliament, the current draft “appears to have suffered from a lack of sufficient time and preparation” and does not provide citizens with enough privacy protection as it would allow intelligence agencies to have too much bulk access to personal data. Meanwhile, the Christian Scien...

John Perry Barlow on his cyber manifesto 20 years later

(Feb 9, 2016) Twenty years after Electronic Frontier Foundation founder and Grateful Dead songwriter John Perry Barlow penned “A Declaration of the Independence of Cyberspace” at the World Economic Forum in Davos, The Economist asks him to look back upon his work. “I will stand by much of the document as written,” he said of his 844-word manifesto. “I believe that it is still true that the governments of the physical world have found it very difficult to impose their will on cyberspace.” In retrospect, howeve...

On tough regulation for data miners

(Feb 9, 2016) Companies like IMS Health, cloaked in mystery, gather and sell a wealth of American anonymized health data without disclosing specific privacy controls or even whether patients are able to opt their data out of collection practices, Fortune reports. “We seem to be spending a disproportionate amount of time hammering government (albeit rightly so) when the big industry ‘hosts’ of our data have so much control,” said the University of Edinburgh’s Claudia Pagliari. “Only more sophisticated laws and more extreme corporate penalties are likely to deter the misuse of this data,” she added.

Passwords: A thing of the past?

(Feb 9, 2016) As Alphabet moves forward with its “sign in with your phone” beta test and Apple’s Touch ID already permits users to access numerous accounts with their fingerprint, technologists and security professionals consider the future of the much-maligned password. “People tend to pick the less secure passwords in the largest numbers, so passwords are a bad idea from a security point of view,” said Johns Hopkins University’s Matthew Green. While replacing them with something more secure has advantages, the phone-based trends might not yet have the maturity necessary to replace the password. “I think these things are neat ideas, but they’re too flaky right now for us to really rely on them,” Green added.

On the Super Bowl and surveillance

(Feb 8, 2016) As many in the U.S. watched Super Bowl 50 last night, the city of San Francisco and surrounding areas — including Santa Clara, where the actual game was held — have faced two weeks of ramped-up security. Traditionally, sporting events and music festivals require a trade-off between privacy and access to the event. Yet, this is usually done at the event’s entrance. This year’s Super Bowl, however, with increased concerns about terrorism, has not only increased use of surveillance at the game, but in many parts of the city as well — affecting people that may not want anything to do with the game. In this post for Privacy Perspectives, Jedidiah Bracy, CIPP/E, CIPP/US, looks into the security precautions in San Francisco and what it means for the privacy of those living in the area.

FCC issues CPNI cert enforcement advisory

(Feb 8, 2016) The Federal Communications Commission has issued an enforcement advisory reminding telecommunications and interconnected VoIP providers to file their annual reports that certify compliance with the agency’s Customer Proprietary Network Information rules by March 1. The FCC notes that protecting CPNI is of “paramount importance, as CPNI includes some of the most sensitive personal information that carriers have about their customers as a result of their business relationship.” The advisory also warns that the FCC intends “to strictly enforce the rules.” Companies out of compliance face up to $160,000 per violation and up to a maximum of $1,575,000.
