Neil Ford writes: The slow, stately progress of European data protection law continues: last month in Luxembourg, ministers in the Justice and Home Affairs Committee of the EU’s Council of Ministers reached partial agreement on reforms to the General Data Protection Regulation (GDPR). (The GDPR, you’ll remember, will replace the EU Data Protection Directive with a…
Category: Commentaries and Analyses
68% of Healthcare Data Breaches Due to Device Loss or Theft, Not Hacking
Jasmine Pennic reports: 68 percent of all healthcare data breaches since 2010 are due to device theft or loss, according to the 2014 Healthcare Breach Report from Bitglass. Despite the recent headlines of hacker attacks to hospitals, only 23 percent of healthcare data breaches were a result of cybercriminals compromising networks and exfiltrating data. The findings come…
ND: Audit: Not making security top concern led to NDUS breach
Tu-Uyen Tran reports that an audit conducted in the wake of NDUS’s breach earlier this year found major problems that went far beyond the few employees who were eventually fired: An email a stranger sent to the North Dakota University System’s computer security officer on the morning of Feb. 7 was the first sign that…
Should the FTC Be Regulating Privacy and Data Security?
Daniel Solove and Woodrow Hartzog write: This past Tuesday the Federal Trade Commission (FTC) filed a complaint against AT&T for allegedly throttling the Internet of its customers even though they paid for unlimited data plans. This complaint was surprising for many, who thought the Federal Communications Commission (FCC) was the agency that handled such telecommunications issues. Is…
Retailers accuse credit unions of talking smack about card breaches
Sean Gallagher reports: Reeling from the bad press associated with an ongoing parade of data breaches caused by criminal infiltration of their payment systems, representatives of six retail industry associations signed a joint open letter that pushes back against a vocal critic of retailers’ cyber-security practices—credit union associations. In the letter addressed to the presidents of…
How to spot a fake online data dump
Both Kelly Jackson Higgins and Brian Krebs had columns yesterday on a report by Allison Nixon of Deloitte on how to vet a data dump. The report should be required reading for journalists as the reputation harm that can occur by publishing or repeating false claims of a hack can be significant. While many will immediately think…