Commentaries and Analyses – Page 765

Latest Data Breach Notification Bill Won’t Go Far

Posted on July 24, 2012 by Dissent

Eduard Goodman of Identity Theft 911 dissects the data breach notification bill introduced last month by Rep. Toomey and finds it seriously wanting: The latest bill to address the problem of data breaches is just one of an increasingly long line of proposed federal breach notice regulations with little to no chance of becoming law…

FTC Action Against Wyndham May Provide First Fully Litigated Section 5 Privacy/Security Case

Posted on July 13, 2012 by Dissent

Hogan Lovells Chronicle of Data Protection has a commentary on the FTC’s lawsuit against Wyndham (mentioned previously on this blog): On June 26, the FTC filed a complaint against Wyndham Worldwide Corporation, a global hotel and resort company, and three of its subsidiaries for violation of Section 5 of the FTC Act. If this case goes to…

Follow-up: Regulators criticize NYSEG for computer security breach

Posted on July 12, 2012 by Dissent

Remember the breach reported by New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) back in January? Jeff Platsky reports the results of an investigation into the utilities’ security: A potential data breach at New York State Electric & Gas Corp. not only drew the ire of customers but is now…

EU wants breach notification for certificate authorities

Posted on July 6, 2012 by Dissent

Stewart Mitchell reports: European authorities plan to clamp down on certificate authorities, demanding security signing organisations speak up if hit by hackers. Certificate authorities – either private or government backed – issue digital certificates that verify web pages and code, and are a key component of the web running smoothly and securely. But as last…

Cybercrime disclosures rare despite new SEC rule

Posted on July 2, 2012 by Dissent

Embedded in revisions to a proposed cybersecurity law are some provisions on mandatory breach notification. Richard Lardner reports: The chairman of the Senate Commerce, Science and Transportation Committee, Sen. Jay Rockefeller, D-W.Va., is adding a provision to cybersecurity legislation that would strengthen the reporting requirement. The SEC’s cybersecurity guidance issued in October is not mandatory. It was…

Old law puts school data at risk

Posted on June 23, 2012 by Dissent

Susan Palmer reports: An obscure state regulation — one that requires districts to keep student records for decades — is one reason several thousand Eugene School District students are at risk of having their Social Security numbers hijacked following a security breach of the district’s electronic records. School districts must retain student records for 75…