Kavita Iyer reports: Two New York men in the summer of 2015 were accused of online child pornography crimes for allegedly visiting a site that was a Tor hidden service. The site apparently would safegaurd the identity of its users and server location. However, with the Federal Bureau of Investigation (FBI) using a hacking tool…
Category: Commentaries and Analyses
Scope of Preemption in Proposed Data Security Legislation is Uncertain
David Bender writes: According to a recent analysis by the Congressional Research Service (“CRS”), the extent of state law preemption in recent federal legislative proposals relating to data security is unclear. Several bills introduced in the 114th Congress would impose federal data security or breach notification requirements on covered entities, similar to existing requirements in nearly every…
Henry Schein settles FTC charges it misled customers about encryption of patient data
It appears the FTC acted on a complaint I filed with them last year concerning Henry Schein Dental’s use of the word “encryption” in their marketing and their refusal to individually notify customers that the “encryption” provided by Dentrix G5 was not NIST-grade encryption that would give them Safe Harbor under HIPAA. Background on my concerns…
Did a Christian right-wing organization expose private details of millions of people?
First someone left our voter registration details exposed to the world, but those were “just public records,” some argued. Now a second misconfigured database has been uncovered by Chris Vickery. This one, however, not only includes some states’ voter lists, but it also includes 19 million profiles with private information on religion, household values, gun ownership…
At least 2m personal data sets feared leaked in Japan: survey
A Kyodo News survey of Japanese businesses found that at least 2.07 million data sets with personal information were leaked or suspected of leaking from 140 entities in Japan. The results were reported in the Bangkok Post: Of the 140, 75 organisations said they noticed they had been attacked only after police or another outside…
North Carolina Employees are not “Authorized” to Divert Employer Data
Amy R. Worley writes: As the year draws to a close, employer claims under the Computer Fraud and Abuse Act (“CFAA”) against departing employees for stealing or otherwise diverting employer information without authorization to do so are dying slow deaths in many federal courts across the nation. As noted over on the Non-Compete and Trade Secrets…