F. Paul Greene and Daniel J. Altieri consider the landscape after the 11th Circuit’s decision in the LabMD case, noting the state-level Unfair and Deceptive Acts and Practices (“UDAP”) laws and The Nationwide Assurance of Voluntary Compliance may become more prominent as tools for data security enforcement actions. They write, in part: The Nationwide Assurance…
Category: Commentaries and Analyses
University of Wisconsin system audit reveals risk of cyber attacks, student data at risk
A state audit finds the UW System could be an easy target for cyber attacks or hacks if changes are not made to information technology (IT) security systems. Auditors found risks to accounting, payroll and student data. The UW System has until the end of August to submit plans to the Joint Legislative Audit Committee…
Data leaks at 2 Thai banks spark call for legal safeguards
Cyber-security experts have urged the government to quickly strengthen legal safeguards by adding measures to prevent data leaks after the computer systems of two major Thai banks were hacked recently. According to the Bank of Thailand (BOT) on Wednesday, the computer systems of Kasikornbank (Kbank) and Krungthai Bank (KTB) were compromised in the attacks, affecting…
Leaked chats show alleged Russian spy seeking hacking tools
Just catching up with this great report by Ralph Satterson and Matthew Bodner of AP. It provides a great example of how innocent researchers need to remain vigilant about being played by spies. Six years ago, a Russian-speaking cybersecurity researcher received an unsolicited email from Kate S. Milton. Milton claimed to work for the Moscow-based…
Was LabMD Hacked? A Key Issue in Lawsuit Against FTC Lawyers
Craig A. Newman of Patterson Belknap writes: Did LabMD, the now-defunct cancer testing company, expose sensitive patient information with shoddy data security practices as U.S. regulations have charged, or was the company victimized by a private forensics firm extorting it for business – raising the troubling question of whether the entire case against LabMD was…
DPC receives over 1,100 reports of data breaches since start of GDPR rules
Elaine Edwards reports: More than 1,100 reports of data breaches involving people’s personal information have been received by the Data Protection Commission in the two months since a new EU legal regime came into force. The 1,184 reports to the commission mean data breach reports are significantly up on the average of 230 reported each…