Lesley Fair of the FTC writes: Kids love to play dress-up, but parents wouldn’t want them rummaging through the attic or climbing to the top shelf of the wardrobe without permission and proper supervision. The i-Dressup.com website offered users – including children – a virtual way to play dress-up and design clothes without those potential…
Category: Commentaries and Analyses
Marcus Hutchins’ plea leaves unsettled whether writing certain types of code is illegal – Ekeland
In May, 2017, a young man from the U.K. became known as an “accidental hero” for saving the world from the further spread of WannaCry ransomware. But months later, this same hero, Marcus Hutchins, known online as @MalwareTech, was arrested in the U.S. as he tried to fly home after attending the Black Hat and…
Google Moves Developers to OAuth to Help Prevent Phishing Attacks
Dennis Fisher reports: In an effort to cut off an avenue used in some phishing attacks, Google is planning to block authentication attempts from some apps that use embedded browser frameworks in the near future. The change is part of a broader initiative by the company to get a better handle on when and how…
So how’s April so far?
Quick note: I haven’t been posting all the health data breaches or incidents I have already found this month, as in some cases, I’m waiting for responses from entities to my questions. But I am compiling the incidents in my worksheet that I provide to Protenus, Inc. for their analyses and freely available reports. Yesterday,…
The Lack of an Adequate HIPAA Security Risk Assessment is a Common and Costly Mistake by Healthcare Providers: What Providers Can Do Now
Erin Smith Aebel of Shumaker, Loop & Kendrick, LLP writes: Health care providers and others who must comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have specific requirements under the Security Rule to HIPAA when it comes to their maintenance of electronically held protected health information. One of those requirements is…
Italy’s DPA Fines Data Processor for Information Security Failures
Odia Kagan of FoxRothschild writes: Caveat Data Processor. Italian Data Protection Authority, Garante, has issued a 50,000 EUR fine against a data processor platform for its failures to implement several information security measures. Service providers should ensure that the data entrusted to them by their data controller customers is adequately protected.