Monika Kuschewsky writes: Whilst the discussions on the proposed Network and Information Security (NIS) Directive at European level are still ongoing (see Update on the Cybersecurity Directive − over to Luxembourg?, InsidePrivacy, June 12, 2015), less has been said about Germany new national Act to Increase the Security of Information Technology Systems (the “IT Security Law”). The IT…
Category: Commentaries and Analyses
FTC Chairwoman to the Valley: I Come in Peace — And to Keep Your Company Secure
Mark Bergen reports: Edith Ramirez wants Silicon Valley to see her agency as something more than a wrist slapper. Last Wednesday, the Chairwoman of the Federal Trade Commission came to San Francisco to host the agency’s first “Start with Security” conference, an initiative to institute broad guidelines for consumer privacy protection — and convince tech companies…
Medical Informatics Engineering, Concentra, Employers, Data Sharing, And Privacy
Over on I’ve Been Mugged, George Jenkins describes what he learned when he and his wife really pursued the question of how Medical Informatics Engineering had wound up with his wife’s personal information caught up in their breach. It’s a long – but important – read, as it highlights routine business practices that may come…
Why does the FTC keep ignoring my inquiry?
On July 31, after reading a news story about a breach involving a school district, I emailed the FTC to ask for clarification on FACTA: I have searched and searched but cannot find a definitive answer to the following: Are k-12 public school districts covered by FACTA? Assume for purposes of my question that there…
US-CERT’s do’s-and-don’ts for after the cyber hack
Jason Miller reports that US-CERT is offering best practices for after an attack. Here’s a bit of what he reports: Hacked organizations shouldn’t automatically initiate reactive measures to the network without first consulting incident response experts. Barron-DiCamillo said US-CERT and a host of other companies do incident responses for a living as opposed systems administrators…
What did CSU do to verify vendors’ data security – and what might FTC do?
When California State University decided to purchase a We End Violence program, Agent of Change, they reportedly did consider data security. The Press-Telegram reports: Laurie Weidner, spokeswoman for the Chancellor’s Office, said CSU has not terminated its relationship with We End Violence, which administered the training program called Agent of Change. The vendor was one of…