Add this analysis and commentary by Chris Hoofnagle to your must-read list. Assessing the Assessments When companies settle FTC charges, they often agree to extended periods of oversight by the Agency. The FTC requires companies to be regularly assessed by an outside firm during the oversight period. In my forthcoming book, I argue that this assessment…
Category: Commentaries and Analyses
The disappointing truth about data privacy and security
Ben Rossi writes: Cloud providers boast compliance to the highest security standards, including state-of-the art physical protection of hosting facilities, electronic surveillance and ISO 27001 certifications, to name a few. While such efforts may sound impressive, in reality they offer absolutely no defence to enterprises seeking a security model that cannot be owned, and provide…
DEA obtains a federal search warrant for patient data on MicroMD
Justin Shafer pointed me to a case where the government, investigating a healthcare provider, served SaaS MicroMD with a federal search warrant for some patients’ data. You can read Justin’s write-up on his blog, but the case reminds us that patient data can be disclosed to law enforcement without patients’ awareness or consent, and that unencrypted patient…
U.S. & China agree to stop conducting economic espionage in cyberspace
Ellen Nakashima and Steven Mufson report: The United States and China have agreed that neither country will conduct economic espionage in cyberspace in a deal that addresses a major source of tension in the bilateral relationship. The pact also calls for a process aimed at helping to ensure compliance. Read more on Washington Post. Now…
DoD Issues Guidance on Privacy Breach Notices
From the Federal Manager’s Daily Report: The Pentagon has issued guidance to DoD components on considerations for making public announcements regarding breaches of private information, an issue that has been much in the mind of the federal workforce in recent months following disclosure of two major cyber hacks of personally identifiable information, or PII, held…
DEFENSE CYBERSECURITY: Opportunities Exist for DOD to Share Cybersecurity Resources with Small Businesses – GAO Report
This is what I’ve been saying for ages – the government can and should do more to educate and share information with small businesses. From a new GAO report: The Department of Defense (DOD) Office of Small Business Programs (OSBP) has explored some options, such as online training videos, to integrate cybersecurity into its existing efforts; however,…