Exploring the risk-based approach to de-identification

(Apr 19, 2017) As with so many things in this world, there is rarely, if ever, a silver-bullet solution to a complex problem in privacy. Perhaps the most glaring example of this is in defining the identifiability of an individual. Countless privacy laws and regulations around the world define personal information in different ways using varying definitions. Though not new, de-identification, or anonymization, is a useful tool to meet compliance and mitigate risk. "Identifiability is relative and contextual," M... Read More

De-identification: Moving from the binary to a spectrum

(Apr 18, 2017) As with so many things in this world, there is rarely, if ever, a silver-bullet solution to a complex problem in privacy. Perhaps the most glaring example of this is in defining the identifiability of an individual. Countless privacy laws and regulations around the world define personal information or personally identifiable information in different ways, using varying definitions and key terms. One jurisdiction may consider an IP address PII while another may not. The Federal Trade Commission... Read More

Is cyber insurance becoming essential for manufacturers?

(Apr 18, 2017) The Wall Street Journal reports on the increased reliance by manufacturers on computerized and digital systems and the resulting information security issues they face. Abbott Laboratories, most recently, faced scrutiny from the U.S. Food and Drug Administration for its response to reports that its defibrillators and pacemakers could be hacked. "For years cyber insurance was overwhelmingly purchased by consumer-facing business — retailers, financial-service providers and hospitals," the report sta... Read More

Healthcare privacy plans need to account for medical device security

(Apr 14, 2017) The world is becoming increasingly interconnected, with network-enabled devices becoming pervasive amid the explosive growth of the internet of things. This increased level of interconnectedness provides the potential for enhancements in convenience and utility, but at the same time it is also clear that such a level of interconnectedness comes with an increased attack surface that can be used to compromise devices. Once compromised, devices can be used as a backdoor into your organization as... Read More

On simplifying data breach notification obligations

(Apr 7, 2017) Keeping track of the variety of data breach notification laws is easier said than done. All over the world, organizations need to be aware of notification laws that differ by state, country and continent. And though there is no one-size-fits-all solution, there are ways to help simplify the complexity. K&L Gates LLP Partner Julia Jacobson, CIPP/US, CIPM, FIP, and RADAR CEO Mahmood Sher-Jan delved into the nuances of breach notification during a recent IAPP web conference that also introduced... Read More

Assessing your cyber-exposure and shopping for insurance

(Mar 28, 2017) This article is part two of a four-part series on cyberinsurance. Part one addressed the need for cyberinsurance. Part two discusses how to assess your company’s cyber exposure and select the right coverage. As the saying goes, there are two types of companies: those who have been breached and those who have been breached and don’t know it yet. When your company is faced with a cyber-related liability, your position will be greatly improved if you have properly assessed your company’s risk an... Read More

IAPP web conference: Operationalizing privacy technology

(Mar 24, 2017) The privacy technology market is young and rapidly expanding to meet the needs of organizations around the world. This growing market means there are more technological solutions for privacy pros than ever before. But how effective and efficient are the new offerings from these vendors that are suddenly proliferating? If you think some of these tools would benefit your privacy team and/or the organization as a whole, how can you justify the spend? What should you be looking for and how should yo... Read More

Jonathan Zdziarski joins Apple's security engineering team

(Mar 15, 2017) Security researcher Jonathan Zdziarski announced he will be joining Apple as part of the company's Security Engineering and Architecture team, Engadget reports. Zdziarski and Apple have not officially stated what the researcher will be doing within the company. "This decision marks the conclusion of what I feel has been a matter of conscience for me over time. Privacy is sacred; our digital lives can reveal so much about us — our interests, our deepest thoughts, and even who we love. I am thrill... Read More

Privacy, security advice for enterprises purchasing new tech

(Mar 14, 2017) In a column for The Wall Street Journal, Andrea Matwyshyn offers information security advice to companies making technology purchases. Noting that companies are expected to spend more than $3 trillion on workplace technology in 2017, Matwyshyn warns that purchasers tend to only consider cost, reliability and deployment and often fail to consider the security of such technology, and "I've seen them pay the price for that." She continues: "Companies need to understand from the start that their inf... Read More