Commentaries and Analyses – Page 513

Town of Oswego – Financial Condition and Information Technology Audit

Posted on March 17, 2018 by Dissent

The NYS Comptroller’s Office has released another audit: Town of Oswego – Financial Condition and Information Technology (2017M-290). From their summary: Purpose of Audit The purpose of our audit was to determine whether the Board adopted realistic budgets that were structurally balanced, whether officials adequately monitored the Town’s financial operations and whether the Board adopted adequate…

OAIC received 31 notifications in the first three weeks of data breach scheme

Posted on March 16, 2018 by Dissent

Asha McLean reports: The Office of the Australian Information Commissioner (OAIC) has told ZDNet there has been 31 notifications provided to the office led by Timothy Pilgrim since Australia’s Notifiable Data Breaches (NDB) scheme came into effect on February 22, 2018. The NDB scheme requires agencies and organisations in Australia that are covered by the…

DocuTrac medical software is a breach risk, warns Rapid7

Posted on March 15, 2018 by Dissent

Warwick Ashford reports on what seems to me to be yet another case of hard-coded credentials creating a critical vulnerability in protecting patient data, and I, of course, have questions. Ashford reports: The QuicDoc & Office Therapy suite of software produced by DocuTrac contains security vulnerabilities that could allow attackers to gain control of patient…

Article: Risk and Anxiety: A Theory of Data-Breach Harms

Posted on March 14, 2018 by Dissent

Abstract In lawsuits about data breaches, the issue of harm has confounded courts. Harm is central to whether plaintiffs have standing to sue in federal court and whether their legal claims are viable. Plaintiffs have argued that data breaches create a risk of future injury, such as identity theft, fraud, or damaged reputations, and that…

A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements, Part II

Posted on March 13, 2018 by Dissent

Courtney M. Bowman of Proskauer Rose writes: What would companies need to do to comply with the law? The Stop Hacks and Improve Electronic Data Security (SHIELD) Act imposes requirements in two areas: cybersecurity and data breach notification. The cybersecurity provisions of the proposed SHIELD Act would require companies to adopt “reasonable safe-guards to protect the security,…

The Standing Struggle in Data Breach Litigation Continues

Posted on March 13, 2018 by Dissent

Dena Castricone of Murtha Cullina writes: Two courts. Two days. Two different results. On March 7, on remand from the U.S. Court of Appeals for the Eighth Circuit, a federal district court judge in Minnesota granted a motion to dismiss a consumer class action suit involving a 2014 data breach affecting over 1,000 grocery stores. …