Ashkan Soltani has uploaded an important ruling in FTC v. Wyndham, a case discussed many times on this blog. The short version of the ruling is that Wyndham went 0 for 3 on its challenges to the FTC’s authority to enforce data security under the FTC Act, to enforce data security in the absence of regulations that…
Category: Commentaries and Analyses
Is delaying notification for law enforcement purposes ever unreasonable?
Over on Security Bistro, Linda Musthaler discusses the recently disclosed Spec’s breach and the fact that Spec’s knew about the breach but was asked not to disclose it by law enforcement. We’ve seen this many times – delays in notification so as not to interfere with a law enforcement investigation. But should there be some…
Federal court ruling in Carnegie Strategic Design Engineers v. Cloherty applies narrow interpretation of CFAA
Robert R. Baron, Jr., David S. Fryman, Corinne Militello, and Philip N. Yannella of Ballard Spahr write: A Pennsylvania federal magistrate judge has tossed an employer’s claims under the Computer Fraud and Abuse Act (CFAA), holding that the CFAA does not extend to punish employees for the misuse of information that was accessed with permission….
Federal Agencies Need to Enhance Responses to Data Breaches – GAO
From a GAO report (GAO-14-487T) released today, the highlights: The number of reported information security incidents involving personally identifiable information (PII) has more than doubled over the last several years (see figure). As GAO has previously reported, major federal agencies continue to face challenges in fully implementing all components of an agency-wide information security program, which…
How do the FBI and Secret Service know your network has been breached before you do?
Ellen Messmer reports: By all accounts, many of the massive data breaches in the news these days are first revealed to the victims by law enforcement, the Secret Service and Federal Bureau of Investigation (FBI). But how do the agencies figure it out before the companies know they have been breached, especially given the millions…
Fandango, Credit Karma Settle FTC Charges that They Deceived Consumers By Failing to Securely Transmit Sensitive Personal Information
Two companies have agreed to settle Federal Trade Commission charges that they misrepresented the security of their mobile apps and failed to secure the transmission of millions of consumers’ sensitive personal information from their mobile apps. The FTC alleged that, despite their security promises, Fandango and Credit Karma failed to take reasonable steps to secure…