Tracy Kitten writes: Last month, an appellate court in Boston reversed a lower court’s ruling that favored a bank in a legal dispute over a 2009 account takeover incident (see PATCO ACH Fraud Ruling Reversed.) Was that appellate ruling fair? Based on the security practices that most banking institutions used in 2009, probably not. The case…
Category: Commentaries and Analyses
OR: Hacking cases down, still a threat: by the numbers
Some interesting stats in a news report by Queenie Wong in the Statesman Journal: Cybersecurity by the Numbers Since 2009, state agencies have been required to report the number of suspicious information security incidents to the state’s Enterprise Security Office, which is part of the Department of Administrative Services. All incidents are not necessarily considered…
Data breaches up 19 percent, GAO reports
Federal data breaches jumped 19 percent last year, the Government Accountability Office said Tuesday. There were roughly 13,000 incidents reported by agencies in 2010 involving unauthorized disclosures of personally identifiable information — last year, that figure shot up to 15,500, Greg Wilshusen, GAO’s director of information security issues, told the Senate subcommittee on government management…
Recent Developments — Both in the Courts and in Congress — on the Scope of the Computer Fraud and Abuse Act
Orin Kerr writes: I’ve blogged a lot on the scope of the Computer Fraud and Abuse Act, and specifically on whether using a computer in violation of a computer use policy or Terms of Service is a federal crime. I’ve been banging the drum urging courts to adopt a narrow interpretations of the Act for a decade,…
Latest Data Breach Notification Bill Won’t Go Far
Eduard Goodman of Identity Theft 911 dissects the data breach notification bill introduced last month by Rep. Toomey and finds it seriously wanting: The latest bill to address the problem of data breaches is just one of an increasingly long line of proposed federal breach notice regulations with little to no chance of becoming law…
FTC Action Against Wyndham May Provide First Fully Litigated Section 5 Privacy/Security Case
Hogan Lovells Chronicle of Data Protection has a commentary on the FTC’s lawsuit against Wyndham (mentioned previously on this blog): On June 26, the FTC filed a complaint against Wyndham Worldwide Corporation, a global hotel and resort company, and three of its subsidiaries for violation of Section 5 of the FTC Act. If this case goes to…