Commentaries and Analyses – Page 632

Plusnet ignores GCHQ, spits out plaintext passwords to customers

Posted on November 25, 2015 by Dissent

Alexander J. Martin reports: Contrary to password storage security standards, BT-owned Plusnet is still delivering plaintext strings back to forgetful users, and seems to have no plans to tidy itself up any time soon – despite years of warnings from security experts and the advice of GCHQ. Plusnet has stated that it “goes to great…

OPM OIG Audit Finds Significant Problems Remain

Posted on November 24, 2015 by Dissent

From the Executive Summary of FY 2015 FISMA Results:  The significant deficiency related to information security governance has been dropped due to the reorganization of the Office of the Chief Information Officer (OCIO).  OPM’s system development life cycle policy is not enforced for all system development projects.  OPM does not maintain a…

Data Security & Privacy Concerns for the Indian Banking Industry

Posted on November 24, 2015 by Dissent

Ratan Jyoti, Chief Manager (Information Security), Vijaya bank, writes: … In last year or two, there has been a sudden spurt in data theft in Indian banks. It is estimated that Indian Banks are directly losing a significant part of their income due to data theft. In terms of reported incidents, the figure of loss…

LabMD ruling should be a wake-up call for FTC data security enforcement

Posted on November 23, 2015 by Dissent

For another informed perspective on the impact of the initial decision in FTC v. LabMD, I’d strongly encourage this site’s readers to read Gus Hurwitz’s thought-provoking analysis and commentary on TechPolicyDaily.com. Here’s a snippet: … Judge Chappell had none of the FTC’s argument. “The term ‘likely’,” he tells us, “does not mean that something is merely…

New York Department of Financial Services Previews Rigorous Cybersecurity Rules for Financial Sector

Posted on November 21, 2015 by Dissent

H. Deen Kaplan, Harriet Pearson, Timothy Tobin, and Stephanie Handler write: On November 9, 2015, Anthony Albanese, Acting Superintendent of the New York State Department of Financial Services (NYDFS), issued a letter to a wide array of federal and state financial services regulators that are part of the Financial and Banking Information Infrastructure Committee (FBIIC)….

FTC v. LabMD: A bad case and a questionable decision, but the right outcome

Posted on November 20, 2015 by Dissent

As I reported last Friday, FTC’s Administrative Law Judge D. Michael Chappell dismissed FTC’s enforcement action against LabMD, explaining that the regulator failed to meet the injury prong of the unfairness test under the FTC Act. The FTC issued a press release about the decision yesterday. The decision was noteworthy for two reasons. It was the first data security enforcement…