A financial penalty of $14,000 was imposed on Nature Society (Singapore) for breaches of the PDPA. First, the organisation failed to put in place reasonable measures to protect personal data on its website database. Second, it did not appoint a data protection officer. Lastly, it did not have written policies and practices necessary to comply…
Category: Commentaries and Analyses
In change, Army to allow file downloads for Army 365 email on personal devices
Davis Winkie reports: After months of soldiers complaining that security features on the Army’s new email platform were preventing them from doing basic tasks, the Army’s top IT official announced a change to the Army 365 download policy in a Monday LinkedIn post. Army Times previously reported the frustration that some soldiers were experiencing because the new email…
The RIPTA Data Breach May Provide Valuable Lessons About Data Collection and Retention
Joseph J. Lazzarotti of JacksonLewis writes: Efforts to secure systems and data from a cyberattack often focus on measures such as multifactor authentication (MFA), endpoint monitoring solutions, antivirus protections, and role-based access management controls, and for good reason. But there is a basic principle of data protection that when applied across an organization can significantly…
Who is the Network Access Broker ‘Wazawaka?’
Brian Krebs reports: In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial…
A Missouri Reporter Is (Still) Getting Blamed For the Security Flaw He Exposed
Jack Gillum sought — and obtained — some records from Missouri Governor Parson’s office concerning the governor’s staff’s public statements and the governor’s intention to try to prosecute journalist Josh Renaud. Renaud’s crime: he discovered a vulnerability on a state website where by clicking the F12 key to view the source of a page, one…
The Impact of Data Security Incident Trends on Commercial Transactions: Part III – Vendor Agreement Resolutions for 2022
Craig Carpenter and Erika Vela of BakerHostetler write: As the BakerHostetler Digital Risk Advisory and Cybersecurity team wraps up the 2022 edition of annual Data Security Incident Response (DSIR) Report, we take one last look at the findings in the 2021 edition of the report to prepare our New Year’s resolutions of a data privacy and security attorney for…