Commentaries and Analyses – Page 620

AU: Telcos and security agencies exempted from data breach rules in draft bill

Posted on December 4, 2015 by Dissent

Paul Farrell reports: Australian law enforcement agencies and telcos that suffer certain types of data breaches are likely to be exempt from rules requiring them to notify the people affected, under a draft bill. The federal government published on Thursday an exposure draft of mandatory data breach laws that would compel Australian companies – and in some…

State law claims in Anthem breach tossed because ERISA pre-empts

Posted on December 2, 2015 by Dissent

And yet another blow to would-be plaintiffs in data breach litigation: you can’t raise claims under state law if ERISA applies and covers all the claims. Joe Lustig reports: For the second time this year, the U.S. District Court for the Northern District of California has ruled that state law claims arising from Anthem’s February data…

Plusnet ignores GCHQ, spits out plaintext passwords to customers

Posted on November 25, 2015 by Dissent

Alexander J. Martin reports: Contrary to password storage security standards, BT-owned Plusnet is still delivering plaintext strings back to forgetful users, and seems to have no plans to tidy itself up any time soon – despite years of warnings from security experts and the advice of GCHQ. Plusnet has stated that it “goes to great…

OPM OIG Audit Finds Significant Problems Remain

Posted on November 24, 2015 by Dissent

From the Executive Summary of FY 2015 FISMA Results:  The significant deficiency related to information security governance has been dropped due to the reorganization of the Office of the Chief Information Officer (OCIO).  OPM’s system development life cycle policy is not enforced for all system development projects.  OPM does not maintain a…

Data Security & Privacy Concerns for the Indian Banking Industry

Posted on November 24, 2015 by Dissent

Ratan Jyoti, Chief Manager (Information Security), Vijaya bank, writes: … In last year or two, there has been a sudden spurt in data theft in Indian banks. It is estimated that Indian Banks are directly losing a significant part of their income due to data theft. In terms of reported incidents, the figure of loss…

LabMD ruling should be a wake-up call for FTC data security enforcement

Posted on November 23, 2015 by Dissent

For another informed perspective on the impact of the initial decision in FTC v. LabMD, I’d strongly encourage this site’s readers to read Gus Hurwitz’s thought-provoking analysis and commentary on TechPolicyDaily.com. Here’s a snippet: … Judge Chappell had none of the FTC’s argument. “The term ‘likely’,” he tells us, “does not mean that something is merely…