From the Executive Summary of FY 2015 FISMA Results: The significant deficiency related to information security governance has been dropped due to the reorganization of the Office of the Chief Information Officer (OCIO). OPM’s system development life cycle policy is not enforced for all system development projects. OPM does not maintain a…
Category: Commentaries and Analyses
Data Security & Privacy Concerns for the Indian Banking Industry
Ratan Jyoti, Chief Manager (Information Security), Vijaya bank, writes: … In last year or two, there has been a sudden spurt in data theft in Indian banks. It is estimated that Indian Banks are directly losing a significant part of their income due to data theft. In terms of reported incidents, the figure of loss…
LabMD ruling should be a wake-up call for FTC data security enforcement
For another informed perspective on the impact of the initial decision in FTC v. LabMD, I’d strongly encourage this site’s readers to read Gus Hurwitz’s thought-provoking analysis and commentary on TechPolicyDaily.com. Here’s a snippet: … Judge Chappell had none of the FTC’s argument. “The term ‘likely’,” he tells us, “does not mean that something is merely…
New York Department of Financial Services Previews Rigorous Cybersecurity Rules for Financial Sector
H. Deen Kaplan, Harriet Pearson, Timothy Tobin, and Stephanie Handler write: On November 9, 2015, Anthony Albanese, Acting Superintendent of the New York State Department of Financial Services (NYDFS), issued a letter to a wide array of federal and state financial services regulators that are part of the Financial and Banking Information Infrastructure Committee (FBIIC)….
FTC v. LabMD: A bad case and a questionable decision, but the right outcome
As I reported last Friday, FTC’s Administrative Law Judge D. Michael Chappell dismissed FTC’s enforcement action against LabMD, explaining that the regulator failed to meet the injury prong of the unfairness test under the FTC Act. The FTC issued a press release about the decision yesterday. The decision was noteworthy for two reasons. It was the first data security enforcement…
Ca: Prince Edward Island’s Workers Compensation Board reports 47 privacy breaches in 4 years
CBC News reports: P.E.I.’s information and privacy commissioner is recommending changes to prevent breaches at the Workers Compensation Board after 47 breaches to personal privacy were reported in a four-year period. Privacy Commissioner Karen Rose started investigating after a WCB client complained in 2010 some of his medical information was mailed to an unrelated third…