David M. Stauss and Gregory Szewczyk of Ballard Spahr LLP write: As we first reported in our January 22, 2018, alert, the Colorado legislature is considering legislation that, if enacted, would significantly change Colorado privacy and data security law. On Wednesday, February 14, 2018, the bill’s sponsors submitted an amended bill that addresses issues raised by numerous stakeholders, including Ballard…
Category: Commentaries and Analyses
House Draft Data Security Bill Preempts Stronger State Safeguards
From EPIC.org: Rep. Luetkemeyer (R-MO) and Rep. Maloney (D-NY) circulated a draft bill, the “Data Acquisition and Technology Accountability and Security Act,” that would set federal requirements for companies collecting personal data and require prompt breach notification. The Federal Trade Commission, which has often failed to pursue important data breach cases, and state Attorneys General…
‘BuckHacker’ Search Engine Lets You Easily Dig Through Exposed Amazon Servers
Joseph Cox reports: Contractors, governments, and telecom giants have all previously left data on exposed Amazon Web Services (AWS) servers, meaning anyone can access them without a username or password. Now, a search engine makes combing through leaky AWS datasets that much easier. Think of it as a barebones Google, but for info that the…
UK and US blame Russia for ‘malicious’ NotPetya cyber-attack
BBC reports: The Russian military was directly behind a “malicious” cyber-attack on Ukraine that spread globally last year, the US and Britain have said. The White House said June’s NotPetya ransomware attack caused billions of dollars in damage across Europe, Asia, and the Americas. UK Defence Secretary Gavin Williamson said Russia was “ripping up the…
Hack the Air Force 2.0 uncovers over 100 vulnerabilities
Charlie Osborne reports: The second Hack the Air Force bug bounty challenge, Hack the Air Force 2.0, has resulted in 106 vulnerabilities being reported and fixed. On Thursday, bug bounty platform HackerOne revealed that the 20-day competition to find vulnerabilities in federal systems resulted in $103,883 in payouts, bringing the total amount of financial rewards…
Consequences for HIPAA violations don’t stop when a business closes
There’s a new settlement announcement from HHS OCR that makes clear that even if an entity closes its doors, any HIPAA enforcement action continues: A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 out of the receivership estate to the U.S. Department of Health and Human Services (HHS) Office…