Commentaries and Analyses – Page 679

One More Reason for Companies to Report Data Breaches

Posted on May 27, 2015 by Dissent

Judith Germano follows up on a post by FTC Assistant Mark Eichorn on what to expect if the FTC comes calling after a breach. Germano writes, in part: The Department of Justice has been reaching out for years to assist victims of data breaches. Indeed, many times it is the government who informs a company that…

CareFirst breach demonstrates how assumptions hurt healthcare

Posted on May 26, 2015 by Dissent

Steve Ragan reports: Last week, CareFirst BlueCross BlueShield (CareFirst) reported a data breach that was initially discovered last year. When the incident was first noticed, the company assumed they had taken care of the problem – only to learn that wasn’t the case ten months later. The healthcare sector has taken center stage in the recent months…

PCI council gives up, dumbs down PCI DSS for small business

Posted on May 22, 2015 by Dissent

Darren Pauli reports: The Payment Card Industry Security Standards Council has created a taskforce charged with improving security among small businesses. The prodigious task will be tackled by encouraging small businesses to adopt security best practice and simplified Payment Card Industry Data Security Standards (PCI DSS). Barclaycard payment security manager and taskforce chair Phil Jones…

UK data watchdog: Massive fines won’t keep data safe

Posted on May 22, 2015 by Dissent

Jennifer Baker reports: The UK’s data protection watchdog has said issuing fines “left, right and centre” is not the way to ensure privacy. However, Information Commissioner Christopher Graham added that this doesn’t mean his office shouldn’t have those exact powers at its disposal. “The obligation laid on data protection authorities always to fine data controllers…

Epic played no part in Coast Guard health-data privacy shortcomings

Posted on May 21, 2015 by Dissent

Mark Sullivan reports: A new report from the Department of Homeland Security’s Office of Inspector General (OIG) says that the U.S. Coast Guard holds plenty of personally identifiable health information in its servers but lacks a strong approach to dealing with privacy issues. The report grew from a DHS audit that focused on practices and procedures for…

If the FTC comes to call

Posted on May 20, 2015 by Dissent

Mark Eichorn of the FTC writes: It’s a question we’re asked a lot. “What happens if I’m the target of an FTC investigation involving data security?” We understand – no one wants to get that call. But we hope we can shed some light on what a company can expect. First things first. All of…