Shawn E. Tuma writes that Texas just amended its unauthorized access of computers law to specifically address misuse by insiders. Here’s a snippet from his detailed post: Nothing was removed from the prior version of the law; the following language in blue italics was added as Section 33.02 (b-1)(2) of the Texas Penal Code: It is a crime for a…
Category: Commentaries and Analyses
U.S. Education Dept. ripe for breach more devastating than OPM’s
Teri Robinson reports: The Department of Education is primed for a large data breach that could eclipse the one experienced by the Office of Personnel and Management (OPM), House Oversight Committee Chairman Jason Chaffetz (R-Utah) said last week at a Brookings Institute function. With its rich set of data, including 139 million Social Security numbers and information…
Databases with voter information and the “database of ruin”
DataBreaches.net recently reported on two inadequately secured MongoDB databases that exposed voters’ information. The public’s reaction to these two incidents illustrated how little the majority of the public knows about what’s in a voter registration list and how such records are viewed by states. But the incidents also raise important questions as to whether existing laws provide adequate protection…
UK’s Information Commissioner repeats call for stronger sentences for data thieves
In the wake of another ridiculously light penalty for data theft, U.K.’s Information Commissioner, Christopher Graham, has repeated his call for stronger penalties. The comments come as an employee of a car rental company was sentenced for stealing customer information that accident claims companies could use to make nuisance calls. Sindy Nagra, 42, from Hayes, sold almost 28,000…
LabMD and Wyndham Decisions Curtail FTC’s Data Privacy and Security Reach
Alan L. Friel and Gerald J. Ferguson of BakerHostetler provide their interpretation of recent rulings: Both the administrative law judge’s decision in LabMD and the Third Circuit’s recent decision in Wyndham, which we previously blogged about, put the FTC on notice that it cannot assume that in the wake of a security breach, allegedly inadequate data security will necessarily constitute…
As if a 20-Year Consent Order Wasn’t Enough Fun: FTC Brings First Monetary Settlement in Information Security Case
Adam H. Greene of Davis Wright Tremaine LLP discusses the consent order Henry Schein Practice Solutions signed to settle an FTC complaint, and finds it noteworthy for a number of reasons. One of the reasons, he writes, is that it is the first consent order in a data security case to involve a monetary penalty. I don’t…