Brent Kendall reports: The Federal Trade Commission is offering a strong defense of its powers to police cybersecurity practices against a challenge by Wyndham Worldwide Corp. We wrote about Wyndham’s challenge earlier this month in a case involving attacks by hackers on the hotel chain’s computer systems between 2008 and 2010. The FTC sued Wyndham last year…
Category: Commentaries and Analyses
Are TerraCom and YourTel the poster children for how NOT to respond to a breach?
Isaac Wolf reports: A month ago, two phone carriers participating in a federal benefit program were alerted that sensitive customer records, including Social Security numbers and bank-account records, were freely posted online. Now, Oklahoma-based TerraCom Inc. and affiliate YourTel America Inc. — the companies that collected the records — say they don’t plan to notify…
Who – if anyone – is responsible for notifying victims of some breaches?
I’ve blogged a number of times about how although law enforcement may uncover breaches or data theft, the victims often do not get notified in a timely fashion – if at all. Here are just a few scenarios where no one may notify people whose data have been stolen: Law enforcement discovers a handwritten list…
Privacy Regulators and the Media Can Make a Bad Data Breach Worse
Larry Keating writes: …. the privacy commissioners hammer down hard on those high profile losses when thousands of records go missing. They want disclosure of the incident and protection for the individuals. The media piles on, always on the hunt for the details, to splay the true extent of the incident for their readers. But…
Pennsylvania on data breach – shoot first, ask questions later
Blaine Kimrey of Lathrop & Gage LLP has a commentary on a breach notification law that passed the PA Senate. As noted previously on this blog, the bill extends existing data breach notification responsibilities to state agencies, but also requires notification of those affected within seven days. Kimrey writes: After a series of embarrassing governmental…
Lessons from EDRM/FERC/Enron Data Privacy Breaches (updated)
Thanks to Joe Howie of BeyondRecognition.net for alerting me to what appears to be a very long-running, inadequately remedied breach that has exposed – and may be continuing to expose – the Social Security numbers and other personal information of thousands of people. I am posting this with some hesitation, as the data may still…