Darren Pauli reports: Researchers from the University of Darmstadt say app developers have exposed 56 million credentials by borking login processes using services from Google, Amazon, and Facebook. The research team tested 750,000 Android and iOS applications, examining the way they used the federated identity services to make authentication smooth across different devices. The team…
Category: Commentaries and Analyses
French Data Protection Authority Reveals 2015 Inspection Program
Hunton & Williams writes: On May 25, 2015, the French Data Protection Authority (“CNIL”) released its long-awaited annual inspection program for 2015. Under French data protection law, the CNIL may conduct four types of inspections: (1) on-site inspections (i.e., the CNIL may visit a company’s facilities and access anything that stores personal data); (2) document reviews (i.e.,…
Data breach liability: confidentiality vs. privacy
Glynna Christian and Nikki Mondschein of Kaye Scholer LLP provide food for thought for businesses and covered entities when reviewing contracts with IT service providers: IT service providers, particularly cloud service providers, increasingly are resisting unlimited liability for breaches of privacy and data security obligations in their customer agreements. Instead, they offer unlimited liability for breaches of…
One More Reason for Companies to Report Data Breaches
Judith Germano follows up on a post by FTC Assistant Mark Eichorn on what to expect if the FTC comes calling after a breach. Germano writes, in part: The Department of Justice has been reaching out for years to assist victims of data breaches. Indeed, many times it is the government who informs a company that…
CareFirst breach demonstrates how assumptions hurt healthcare
Steve Ragan reports: Last week, CareFirst BlueCross BlueShield (CareFirst) reported a data breach that was initially discovered last year. When the incident was first noticed, the company assumed they had taken care of the problem – only to learn that wasn’t the case ten months later. The healthcare sector has taken center stage in the recent months…
PCI council gives up, dumbs down PCI DSS for small business
Darren Pauli reports: The Payment Card Industry Security Standards Council has created a taskforce charged with improving security among small businesses. The prodigious task will be tackled by encouraging small businesses to adopt security best practice and simplified Payment Card Industry Data Security Standards (PCI DSS). Barclaycard payment security manager and taskforce chair Phil Jones…