OneTrust_Banner-ad-demo
MediaPro_Ldbd_08_18_16
BNA_PA_09_16_Privacy Laws-728x90
DPC16_Banner_300x250-COPY
Certification_Ad_300x250final-01
PSR16_WebBanner_300x250-wCopy

(Aug 26, 2016) In 2013, when the Snowden revelations broke, Susan Hennessey was just going through on-boarding for a position in the Office of the General Counsel at the U.S. National Security Agency. In this episode of The Privacy Advisor Podcast, Hennessey discusses the ways in which things did or did not change at the agency during what Hennessey calls, "the hurricane." She says, despite the politics playing out on the world stage, there was an understanding between global intelligence agencies that the show must go on. She also says — brace yourself — data localization is inevitable. Read More

Daily Dashboard

Top five company fails in breach-preparedness

(Aug 26, 2016) Over the last couple of years, there has been an optimistic increase in company breach-preparedness levels. However, within that same time period, some of the largest, most destructive breaches took place. Think Ashley Madison, LivingSocial, Hilton, Neiman Marcus and JP Morgan. This contradiction begs the question — if more organizations are aware of security risks and are taking steps to address the issue, but large breaches are continuing at breakneck speed, are businesses going about preparedness the wrong way? Michael Bruemmer, CIPP/US, explores in this exclusive for The Privacy Advisor. Editor’s Note: The IAPP will be hosting a Data Breach Bootcamp at the Privacy. Security. Risk. conference from Sept. 13-16 in San Jose, California. Read More

Daily Dashboard

Sage hack has analysts worried that UK companies aren’t breach-serious

(Aug 26, 2016) The data breach saga at Sage Group has some in the U.K. wondering whether companies are taking enough initiative to protect their data or understand the consequences of a hack, Financial Times reports. “A breach of [Sage’s] nature naturally raises questions, for example, around whether companies are doing enough to prevent these breaches,” said Sophos Chief Technology Officer Joe Levy. Since the attack, Sage’s shares have dropped four percent, the report states. “Yet for many companies, the issu... Read More

Daily Dashboard

Data science helping organizations stop insider threats

(Aug 26, 2016) TechCrunch reports on data science’s role in helping organizations crack down on insider threats. Data science is used to extract knowledge and detect patterns. The information it produces can help an organization define normal user behavior based on identities, roles, and working circumstances. Using data science can help point out abnormal user behavior, stop insider threats, and help lower the amount of false positives. “Most users have rather clean and repeating patterns in their work from a statistics point of view,” said F-Secure Labs Lead Researcher Jarno Niemelä. “Thus, alarming changes in the users’ behavior can be detected with suitable near real-time statistics analysis tools, supported by heuristics and machine learning systems.” Read More

Daily Dashboard

Could Facebook, EU law clash over anti-ad blocking measures?

(Aug 26, 2016) European law may make Facebook’s attempts to disable use of ad blockers illegal, The Daily Dot reports. Article 5(3) of the European ePrivacy Directive mandates companies gain consent from users before storing or accessing data on their devices, as with cookies and oftentimes “ad blocking detectors,” the report states. The U.K.’s Information Commissioner’s Office found the issue a cut-and-dry one, issuing a statement in favor of user consent. Not everyone agrees. “[In] all of the above cases, th... Read More

Daily Dashboard

Third Circuit dismisses Benecard suit after plaintiff appeal

(Aug 26, 2016) The Third Circuit Court of Appeals has agreed with the U.S. District Court for the Middle District of Pennsylvania in siding with Benecard Services’ motion to dismiss a class action against it. The case stemmed from a 2015 breach of Benecard’s computer system, during which unidentified thieves accessed and used the employee plaintiffs’ personal data to successfully file fraudulent tax returns, according to a court filing. Plaintiffs then sued Benecard, citing negligence. However, “in granting Benecard’s motion to dismiss, the District Court held that Pennsylvania’s economic loss doctrine barred plaintiffs’ negligence claim, and that plaintiffs’ breach of implied contract claim failed to state a claim under Rule 12(b)(6),” the documents state. Editor’s Note: The pdf we link to seems best viewed in Chrome. Read More

Daily Dashboard

Insurance commissioners’ Cybersecurity Task Force releases revised insurance data model law

(Aug 26, 2016) On Aug. 17, the National Association of Insurance Commissioners Cybersecurity Task Force published a revised draft Insurance Data Security Model Law for public comment, Lexology reports. This version updates the April publication, which received more than 40 public comments, a Spring National Meeting discussion, and a two-day interim meeting, the report states. While the purpose of the model law is ultimately to “establish exclusive standards … for data security and investigation and notificatio... Read More

Daily Dashboard

Baltimore PD defends city’s latest surveillance program

(Aug 26, 2016) The Baltimore Sun reports the city’s police department is defending a new surveillance program after facing several questions about the practice. A privately owned company is strapping several cameras onto a small Cessna airplane, recording hundreds of hours of footage, and flying about 8,000 feet above the city. The footage is sent to analysts, who can track individuals and vehicles across Baltimore. Police spokesman T.J. Smith said the program is an extension of the existing network of street-... Read More

Daily Dashboard

Colorado school district denies alleged breach

(Aug 26, 2016) The Complete Colorado reports on the debate between Lewis-Palmer School District 38 and concerned parties over a possible breach of student data. The district used Google Apps for Education for student email accounts, made up with a student’s district identification number. Anyone with an email address could download a complete contact list of district students if they had an email account. The contact list could then be used to access Infinite Campus, a program containing the personal data of t... Read More

Daily Dashboard

Pierre-Paul suit against ESPN to proceed

(Aug 26, 2016) Miami Federal Judge Marcia Cooke has decided not to dismiss New York Giants lineman Jason Pierre-Paul’s suit against ESPN, the AP reports. The suit centers on ESPN’s 2015 release of Pierre-Paul’s medical records following a firework mishap. “The lawsuit claims ESPN and a network reporter violated his privacy and Florida medical confidentiality laws by posting the records on social media,” the report states. “The network argued that the records merely bolstered a news report.” The case will have its day in court during August 2017. Read More

Daily Dashboard