Warwick Ashford reports on what seems to me to be yet another case of hard-coded credentials creating a critical vulnerability in protecting patient data, and I, of course, have questions. Ashford reports: The QuicDoc & Office Therapy suite of software produced by DocuTrac contains security vulnerabilities that could allow attackers to gain control of patient…
Category: Commentaries and Analyses
Article: Risk and Anxiety: A Theory of Data-Breach Harms
Abstract In lawsuits about data breaches, the issue of harm has confounded courts. Harm is central to whether plaintiffs have standing to sue in federal court and whether their legal claims are viable. Plaintiffs have argued that data breaches create a risk of future injury, such as identity theft, fraud, or damaged reputations, and that…
A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements, Part II
Courtney M. Bowman of Proskauer Rose writes: What would companies need to do to comply with the law? The Stop Hacks and Improve Electronic Data Security (SHIELD) Act imposes requirements in two areas: cybersecurity and data breach notification. The cybersecurity provisions of the proposed SHIELD Act would require companies to adopt “reasonable safe-guards to protect the security,…
The Standing Struggle in Data Breach Litigation Continues
Dena Castricone of Murtha Cullina writes: Two courts. Two days. Two different results. On March 7, on remand from the U.S. Court of Appeals for the Eighth Circuit, a federal district court judge in Minnesota granted a motion to dismiss a consumer class action suit involving a 2014 data breach affecting over 1,000 grocery stores. …
Leon County Schools explains the Florida Virtual School Data Leak
To follow up on my post about a Florida vendor’s misconfiguration that impacted 368,000 students as well as thousands of former and current Leon County Schools employees: I took marked exception to some of the FLVS‘s initial claims because I felt it was misleading to try to cry “hack” when it was a misconfigured server that exposed…
Statistics Canada loses, mishandles hundreds of sensitive census, employment files
Kathleen Harris reports: The federal agency in charge of collecting, analyzing and securely storing personal data about Canadians lost hundreds of sensitive files during the 2016 census process. Incident reports obtained by CBC News through Access to Information detail 20 cases of information and privacy breaches by Statistics Canada, including long and short census surveys, home…