H. Deen Kaplan, Harriet Pearson, Timothy Tobin, and Stephanie Handler write: On November 9, 2015, Anthony Albanese, Acting Superintendent of the New York State Department of Financial Services (NYDFS), issued a letter to a wide array of federal and state financial services regulators that are part of the Financial and Banking Information Infrastructure Committee (FBIIC)….
Category: Commentaries and Analyses
FTC v. LabMD: A bad case and a questionable decision, but the right outcome
As I reported last Friday, FTC’s Administrative Law Judge D. Michael Chappell dismissed FTC’s enforcement action against LabMD, explaining that the regulator failed to meet the injury prong of the unfairness test under the FTC Act. The FTC issued a press release about the decision yesterday. The decision was noteworthy for two reasons. It was the first data security enforcement…
Ca: Prince Edward Island’s Workers Compensation Board reports 47 privacy breaches in 4 years
CBC News reports: P.E.I.’s information and privacy commissioner is recommending changes to prevent breaches at the Workers Compensation Board after 47 breaches to personal privacy were reported in a four-year period. Privacy Commissioner Karen Rose started investigating after a WCB client complained in 2010 some of his medical information was mailed to an unrelated third…
INFORMATION SECURITY: Department of Education and Other Federal Agencies Need to Better Implement Controls – GAO
From a newly released GAO report: Cyber-based risks to federal systems and information can come from unintentional threats, such as natural disasters, software coding errors, and poorly trained or careless employees, or intentional threats, such as disgruntled insiders, hackers, or hostile nations. These threat sources may exploit vulnerabilities in agencies’ systems and networks to steal…
INFORMATION SECURITY: Federal Agencies Need to Better Protect Sensitive Data – GAO
From a newly released GAO report: Federal systems face an evolving array of cyber-based threats. These threats can be unintentional—for example, from software coding errors or the actions of careless or poorly trained employees; or intentional—targeted or untargeted attacks from criminals, hackers, adversarial nations, terrorists, disgruntled employees or other organizational insiders, among others. These concerns…
FL: Audit finds Tampa put city workers at risk of ID theft
Christopher O’Donnell reports: The city broke federal law and put some workers at risk of identity theft by including their Social Security numbers on child support and other garnishment checks, a city audit found. The audit of the city’s Accounts Payable department showed Social Security numbers were printed on payment checks sent to banks, creditors…