President Obama’s February 13 Executive Order, “Promoting Private Sector Cybersecurity Information Sharing” (the “EO”), turns out to be light on new measures to improve cybersecurity, but focused heavily on adjustments to prior Executive Orders implementing the rules for handling classified information. This focus introduces concerns about government agencies picking winners and losers in the cybersecurity…
Tag Archives: Data Security Safeguards
Risk assessments are critical to avoid data blackmail
Posted in Data Breach, Data Compliance & Security, Identity Theft
The article below was posted to the Mintz Health Law & Policy Matters blog, but it contains valuable information for any business regarding steps to take to avoid data blackmail. Check out the bullet point list below and make sure that your company secures all its sensitive data against threats, both internal and external. Written…
Don’t Shoot the Messenger: Another Court Cautions Against Retaliating Against Employees Who Report Data Security Concerns
Posted in Data Compliance & Security
Written by Michael Arnold, Cynthia Larose and Jennifer Rubin
Recently, a California state appellate court in Cutler v. Dike, No. B210624, 2010 WL 3341663 (Cal. Ct. App. Aug. 26, 2010), upheld a jury finding that an employer illegally fired an employee because he objected to the manner in which his employer maintained its confidential patient…
Brokerage firm victim of elaborate extortion scheme – but also gets hit with a fine
Posted in Data Compliance & Security
Brokerage firm DA Davidson has agreed to pay a fine of $375,000 for failing to protect confidential client data from Latvian hackers who breached the company in 2007 in an online extortion scheme and the three have pleaded guilty in Montana. The hackers used a SQL injection attack to obtain access to the company’s database…
Major “goof” at Citibank
Posted in Data Breach
For all of you who have been struggling with data security compliance obligations from various fronts, and trying to handle complex technical issues such as encryption of portable devices and data “at rest” and “in transit” — here is a very big story regarding plain old everyday mail. If you are a Citibank customer, Citi…
Today is the day……
Posted in Data Compliance & Security
After implementation delays and rule changes, new data protection regulations that are widely considered the most stringent in the nation take effect today. The Massachusetts data security regulations require institutions that hold personal data on Massachusetts citizens to encrypt that information and implement written data protection policies, reports the Boston Globe. Discussion continues and questions…
Top 3 questions relating to compliance with 201 CMR 17.00
Posted in Data Compliance & Security
At the beginning of the “countdown” to the March 1st effective date of 201 CMR 17.00, we offered some posts with “misapprehensions” and compliance suggestions (see 16 Days to March 1….. and Countdown to compliance with 201 CMR 17.00…..11 days). Here are some questions that have been reoccurring over the last few weeks: 1) What…
And, it’s Friday, February 26th……
Posted in Data Compliance & Security
And that means today is the last business day before the new Massachusetts data security regulations go live – as Jim Cramer would say, “That’s 201 CMR 17.00 for all you home gamers.”
T Minus 10,080 Minutes and Counting…..
Posted in Employee Privacy
We have just one week to go before all entities that own, store, license — or basically do anything with — personal information of Massachusetts residents must comply with the Commonwealth’s new data security regulations. Things to consider: Have you done your risk assessment? Looked at what you collect and how you collect and how…
27 days and counting…
Posted in Data Compliance & Security
March 1st is the deadline for compliance with the Massachusetts data security regulations, 201 CMR 17.00. We have blogged incessantly for months about the need to get compliance programs into gear and develop information security plans as required by the regulations. The time is here. If you are one of the procrastinators (and, you are…
Data Privacy Day – Tip #4 – Transactional Best Practices for Lawyers
Posted in Employee Privacy
Written by Michael Arnold and Jennifer Rubin
Even though lawyers working on both sides of an M&A transaction during the due diligence phase might immerse themselves in a “confidentiality bubble”, they still must be careful not to disclose or access confidential employee information in the course of that transaction. Attorneys evaluating potential transactions might be…
Data Security Roundtable
Posted in Data Compliance & Security
Here is a link to a couple of segments of a data security roundtable I participated in not long ago: http://www.businesswire.com/portal/site/home/permalink/?ndmViewId=news_view&newsId=20091222005345&newsLang=en
Some very interesting discussions with folks who are on the cutting edge of data security. I’ll post the other segments as they are released.
Some “light reading” for privacy geeks…
Posted in Data Compliance & Security
Or, actually, for anyone interested in building privacy into business from the “ground up” and how privacy can (and should) become a business differentiator. Dr. Ann Cavoukian is Ontario’s Information and Privacy Commissioner and has long been an advocate of privacy technologies and coined the term “Privacy by Design” in the late-nineties. Her latest book…
To Encrypt or Not To Encrypt…….An Incentive Rather than a Mandate From Michigan
Posted in Data Breach
Add Michigan to the list of states that are proposing that adoption of comprehensive data security safeguards will provide a safe harbor for data breaches. The Information Security Program Standards Act introduced last week differs a bit from Massachusetts and Nevada (and other pending legislation) in that it would not require the implementation of detailed…