Kudos to Dan Goodin for trying to help the public understand the significance of Heartbleed: Lest readers think “catastrophic” is too exaggerated a description for the critical defect affecting an estimated two-thirds of the Internet’s Web servers, consider this: at the moment this article was being prepared, the so-called Heartbleed bug was exposing end-user passwords, the…
Category: Commentaries and Analyses
EXCLUSIVE: U.S. Info Search is responsible for notifying victims of breach, not us – Experian
Because the data were owned and controlled by U.S. Info Search, Experian says they are not responsible for notifying victims of a breach involving Court Ventures, a firm it acquired in 2012. So why does the media only have Experian’s name in the headlines? Jim Finkle of Reuters recently reported that there is a multi-state investigation…
Do Claims Resulting From a Data Breach Have Any Success in Court?
Richard Raysman and Peter Brown write:’ … courts have begun to confront a myriad of legal questions arising from these incidents. Companies and employees have heretofore been subject to suit in myriad jurisdictions as a result of data breaches and disclosures. Heretofore, the results have not been consistent and remain largely contingent on the facts…
Federal court denies Wyndham Hotels & Resorts’ motion to dismiss FTC’s complaint
Ashkan Soltani has uploaded an important ruling in FTC v. Wyndham, a case discussed many times on this blog. The short version of the ruling is that Wyndham went 0 for 3 on its challenges to the FTC’s authority to enforce data security under the FTC Act, to enforce data security in the absence of regulations that…
Is delaying notification for law enforcement purposes ever unreasonable?
Over on Security Bistro, Linda Musthaler discusses the recently disclosed Spec’s breach and the fact that Spec’s knew about the breach but was asked not to disclose it by law enforcement. We’ve seen this many times – delays in notification so as not to interfere with a law enforcement investigation. But should there be some…
Federal court ruling in Carnegie Strategic Design Engineers v. Cloherty applies narrow interpretation of CFAA
Robert R. Baron, Jr., David S. Fryman, Corinne Militello, and Philip N. Yannella of Ballard Spahr write: A Pennsylvania federal magistrate judge has tossed an employer’s claims under the Computer Fraud and Abuse Act (CFAA), holding that the CFAA does not extend to punish employees for the misuse of information that was accessed with permission….