Several years ago, I wrote to the NYC Comptroller’s Office and asked them to re-audit the NYC Department of Education on information technology/data security. To my knowledge, they haven’t done so. If you are a parent of a student in the NYC schools, this should concern you because the previous audit and two re-audits showed…
Category: Commentaries and Analyses
NY: East Quogue Union Free School District – audit
I’ve occasionally posted audits of school districts in New York State conducted by the NYS Comptroller’s Office. Yesterday, Comptroller DiNapoli released some new audits. One of them involved an audit of information technology at the East Quogue Union Free School District in Suffolk County. The audit covered the period July 1, 2012 — August 31,…
LinkedIn vulnerability to MITM attacks puts your data at risk – Zimperium
Zimperium Mobile Defence says that their testing found that LinkedIn users are at risk of Man-in-the-Middle Attacks: What information is vulnerable? Using basic MITM, we found that an attacker can extract a LinkedIn user’s credentials, hijack their session to gain access to all other LinkedIn information and impersonate the user. The following information is exposed,…
Canada: Stolen Customer Data Results In Ontario’s First Certified Privacy Class Action
Michael J. Paris of Bennett Jones LLP writes: Businesses that collect personal information have an added incentive to monitor employees handling customer data – Ontario’s first class action arising from the new tort of “intrusion upon seclusion” was certified last week. In Evans v Bank of Nova Scotia, the plaintiffs sought to certify a class action…
Another post-Clapper Data Privacy Breach Case dismissed for lack of standing
David M. Brown of Montgomery McCracken Walker & Rhoads LLP writes: The U.S. Supreme Court’s decision in Clapper v. Amnesty International USA, 133 S. Ct. 1138 (2013), continues to be relied on by federal courts to hold that “mere loss of data” or “increased risk of identity theft” in a data breach case does not constitute…
Are Data Breach Investigations Privileged?
Over the past few years, I’ve seen more and more references to the idea that if breached entities have their legal counsel arrange for a forensics or breach investigation, the breach investigation would be considered privileged communications or attorney-client work. Needless to say, I am not happy at any end-run around transparency involving breach investigations….