FDA issues draft guidance for cybersecurity management in medical devices

(Oct 22, 2018) A draft of updated premarket guidance from the U.S. Food and Drug Administration shows that manufacturers should prepare a “cybersecurity bill of materials” before marketing medical devices, GovInfoSecurity reports. The requirement would have manufacturers produce a list of the components that could be susceptible to vulnerabilities. FDA Commissioner Scott Gottlieb said, "Because of the rapidly evolving nature of cyber threats, we're updating our [premarket] guidance to make sure it reflec...

The threat of quantum computers for the internet

(Oct 22, 2018) An article for The Economist examines how quantum computers will impact the internet and when they will become available. While some venture to guess such a computer will be available sometime between 2030 and 2040, the National Institute of Standards and Technology has already begun a competition to devise quantum-resistant proposals, with conclusions expected in 2024. The article states, “All this means that quantum-proofing the internet is shaping up to be an expensive, protracted and probabl...

Sidewalk Labs' phone location tool raises privacy concerns for smart-city project

(Oct 19, 2018) The Toronto Star reports on a tool Sidewalk Labs plans to sell to Illinois that it also plans to bring to its Sidewalk Toronto smart-city project. The tool, called Replica, maps out commuting patterns based on cellphone location data. Sidewalk Labs claims it de-identifies the information in order to protect user privacy, but Canadian privacy professionals are concerned about the use of Replica in the country. “This is precisely the type of technology that shows the unique power of citizen and se...

Survey: Canadian businesses spent $14B on cybersecurity in 2017

(Oct 19, 2018) A survey from Statistics Canada finds Canadian businesses spent $14 billion on cybersecurity in 2017, the Financial Post reports. The survey also reveals more than one in five businesses suffered a cyberattack last year, but only 10 percent of those businesses reported the incident to law enforcement. Of the $14 billion Canadian businesses devoted to cybersecurity, $8 billion went to the addition of staff and contractors, $4 billion went to software and hardware, and $2 million was spent on reco...

Employment, compliance and data sharing top Brexit's cybersecurity threat landscape

(Oct 18, 2018) To map the cybersecurity threat landscape of a post-Brexit scenario, Forbes reports on what it identifies as the three main areas of concern: employment, regulatory compliance, and information sharing. While employment has long been an area of concern for the cybersecurity industry, the article states that much more will be needed to recruit talent. It also notes that while many of the country’s laws are shaped with the EU General Data Protection Regulation in mind, inconsistencies could arise o...

Card Factory fixes website flaw allowing access to other users' photos

(Oct 18, 2018) A website developer discovered a vulnerability in U.K.-based greeting card company Card Factory's website, Mashable reports. The flaw allowed anyone to manipulate the site's URL to access photos belonging to other users. Milton Keynes website developer Iain Row found he was able to download any images without restrictions through the defect. “The trust and privacy of our customers is of upmost (sic) importance to us. After recently being made aware of this issue, we have applied a security upd...

NIST launches development of a privacy framework

(Oct 17, 2018) On Tuesday, the U.S. National Institute of Standards and Technology initiated its process for the development of a privacy framework to a room full of privacy professionals here in Austin, Texas. At the first in a series of public workshops, officials from NIST described the framework as a "voluntary enterprise risk-management tool." The framework is intended to be a collaborative effort with public and private sectors to help organizations "better identify, assess, manage, and communicate privacy...

NIST launches development of 'privacy framework' in Austin

(Oct 17, 2018) On Tuesday, the U.S. National Institute of Standards and Technology initiated its process for the development of a privacy framework to a room full of privacy professionals here in Austin, Texas. At the first in a series of public workshops, officials from NIST described the framework as a "voluntary enterprise risk-management tool." In addition to laying out its goals for the project, NIST facilitated a robust and interactive conversation among a wide swath of industry stakeholders and privacy pro...

PCLOB declassifies PPD-28 report following FOIA request

(Oct 17, 2018) The Privacy and Civil Liberties Oversight Board declassified the implementation report on Presidential Policy Directive 28: Signals Intelligence Activities following a Freedom of Information Act request filed by New York Times reporter Charlie Savage, Lawfare reports. PPD-28 was signed by President Obama in January 2014 and provides principles on “why, whether, when, and how the United States conducts signals intelligence activities.” Editor's Note: Jedidiah Bracy, CIPP, recently reported on the...

Dating app leaks users' data

(Oct 17, 2018) The entire user database of Donald Daters, a new online dating app for supporters of U.S. President Donald Trump, has leaked online, TechCrunch reports. The app touts that it wants to help "make America date again"; its database, which included usernames, profile pictures, device type, and private messages, as well as access tokens, was accessible from a public data repository. After being alerted to the issue, Emily Moreno, founder of the app and former aide to Sen. Marco Rubio, R-Fla., said, "We ha...