The media in India seem to have fueled anxiety over Aadhaar security when the problem wasn’t with the security of the Aadhaar database itself. Stories sounding alarms about how Aadhaar data are easily found on third-party sites are only confusing a lot of people, it seems. Yes, the data should not be exposed like…
Category: Commentaries and Analyses
Town of Oswego – Financial Condition and Information Technology Audit
The NYS Comptroller’s Office has released another audit: Town of Oswego – Financial Condition and Information Technology (2017M-290). From their summary: Purpose of Audit: The purpose of our audit was to determine whether the Board adopted realistic budgets that were structurally balanced, whether officials adequately monitored the Town’s financial operations and whether the Board adopted adequate…
OAIC received 31 notifications in the first three weeks of data breach scheme
Asha McLean reports: The Office of the Australian Information Commissioner (OAIC) has told ZDNet there have been 31 notifications provided to the office led by Timothy Pilgrim since Australia’s Notifiable Data Breaches (NDB) scheme came into effect on February 22, 2018. The NDB scheme requires agencies and organisations in Australia that are covered by the…
DocuTrac medical software is a breach risk, warns Rapid7
Warwick Ashford reports on what seems to me to be yet another case of hard-coded credentials creating a critical vulnerability in protecting patient data, and I, of course, have questions. Ashford reports: The QuicDoc & Office Therapy suite of software produced by DocuTrac contains security vulnerabilities that could allow attackers to gain control of patient…
Article: Risk and Anxiety: A Theory of Data-Breach Harms
Abstract: In lawsuits about data breaches, the issue of harm has confounded courts. Harm is central to whether plaintiffs have standing to sue in federal court and whether their legal claims are viable. Plaintiffs have argued that data breaches create a risk of future injury, such as identity theft, fraud, or damaged reputations, and that…
A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements, Part II
Courtney M. Bowman of Proskauer Rose writes: What would companies need to do to comply with the law? The Stop Hacks and Improve Electronic Data Security (SHIELD) Act imposes requirements in two areas: cybersecurity and data breach notification. The cybersecurity provisions of the proposed SHIELD Act would require companies to adopt “reasonable safeguards to protect the security,…