Anna Forrester reports: The National Institute of Standards and Technology has released a draft guidance for federal agencies, contractors and the intelligence community to evaluate the privacy and security controls used on federal information systems and information technology networks. NIST said Friday that the “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans” document (SP…
Category: Commentaries and Analyses
Data Breaches And Notifications: A Contrarian View? Or More Of The Same?
AlertBoot writes: The Wall Street Journal has an article on how certain executives are questioning the value of notifying the general public on company data breaches. The pay-walled article notes that there are valid reasons against more transparency. The thing is, most of these so-called reasons are self-serving – which is why 47 states have laws requiring…
600 Retailers Ensnared in Major New Malware Attack, Cybersecurity Firm Says
Sam Frizell reports: The number of businesses ensnared in a new malware attack revealed in a Department of Homeland Security report this week may run to six hundred, according to a cybersecurity firm that helped DHS prepare the report. Hackers are using point-of-sale (PoS) malware to steal consumer payment data, including credit and debit card…
Ottawa reports 101 privacy breaches since April
Alex Boutilier reports: The federal government has quietly logged 101 breaches of Canadians’ private information over the last four months, the Star has learned. Numbers released by Privacy Commissioner Daniel Therrien’s office reveal his office was informed of a privacy breach an average of almost once a day since April 1. The majority of these…
UK: Review of the impact of the ICO’s civil monetary penalties
Have civil monetary penalties (CMP) for data protection breaches had any impact in the U.K.? The Information Commissioner’s Office has had the authority to issue such penalties since April 2010 for serious breaches of the Data Protection Act (DPA), and since May 2011 for serious breaches of the Privacy and Electronic Communications Regulations (PECR). From…
House Oversight’s lopsided hearing on the FTC
The House Oversight Committee held a hearing this morning that was supposed to be about FTC authority under Section 5, but it wound up being more of Chairman Darrell Issa using his position as a bully pulpit to attack the FTC, Tiversa, and Democrats on the committee who would not give a potential whistleblower (a former employee…