Commentaries and Analyses – Page 109

Norman Public Schools tells media, families it will strive to communicate better

Posted on September 1, 2023 by Dissent

Well, it seems one school district has seen the light and will try to be more transparent and timely in the event of security incidents. Norman Public Schools in Oklahoma experienced a ransomware attack in November 2022. At the time, DataBreaches was revealing more details about the breach by the Hive ransomware gang and the…

Za: Enforcement Notice Issued To Dis-Chem For Violating POPIA

Posted on September 1, 2023 by Dissent

Gugu Lourie reports: On the 31st of August 2023, the Information Regulator took action by issuing an Enforcement Notice against Dis-Chem, due to their non-compliance with several provisions of the Protection of Personal Information Act (POPIA). In the timeline of events, it was revealed that during the months of April and May in 2022, a…

Jp: Medical organizations and IT vendors “should bear part of the cyber damage”.

Posted on August 28, 2023 by Dissent

[Translation:] A document released on August 24 by the Japan Medical Association Policy Research Institute (Nichi-Isouken), which aims to plan medical policy, is causing controversy on SNS. Regarding contracts and responsibility sharing between medical institutions and system vendors, based on the “principle of good faith”, if the vendor’s risk explanation is insufficient, the medical institution…

Fourth Circuit Decision in Marriott Data Breach Case Kicks the Can Down the Road

Posted on August 25, 2023 by Dissent

Cindy Cohn of EFF writes: When a company that collected your personal data negligently fails to secure it, you should have accountability and relief—including standing to sue. EFF and our friends at Electronic Privacy Information Center filed an amicus brief in late November pointing this out to the U.S. Court of Appeals for the Fourth Circuit in…

What the SEC’s Investigation of SolarWinds Means for CISOs and Cybersecurity Disclosures

Posted on August 25, 2023 by Dissent

Sid Mody, Andrew J. Geist, Shelly Heyduk, Bill Martin, and Anna Xie discuss the implications of recent actions by the SEC. They write, in part: In sending a Wells Notice to SolarWinds’s CISO, the SEC has put CISOs generally on high alert that the agency is focused on how such professionals may be involved in…

Proposed UN Cybercrime Treaty Threatens to be an Expansive Global Surveillance Pact

Posted on August 25, 2023 by Dissent

Katitza Rodriguez of EFF writes: In the heart of New York City, a watershed moment for protecting users against unfettered government surveillance is unfolding at the sixth session of negotiations to formulate the UN Cybercrime Convention. Delegates from Member States have convened at UN Headquarters for talks this week and next that will shape the digital and…