Some interesting information compiled by Chris Walsh: Slides from his February 28, 2013 RSA presentation, “Infosec Intelligence And Regulatory Filings: An Investigation Of The Information Security Content Of Mandatory Sec Disclosures” are linked from this blog post, and A compilation of some recent 10-k disclosures can be found here.
Category: Commentaries and Analyses
South Korea Court Opens the Door for Unintentional Data Breach Collective Actions Abroad
Nathan A. Schacht comments on the recent ruling in a lawsuit against SK Communications: … According to reports about this case, the focus was on SK Communications’ violation of its duty to protect the personal data of its operations’ subscribers, including their names, dates of birth, cell numbers and social security numbers. Apparently, after an…
Data Losses Overall Are Up, But Bank Data Breaches Are Fewer: Report
Penny Crosman reports: A report released by KPMG on Tuesday finds that globally, there’s been a 40% increase in the number of publicly disclosed data loss incidents in the past two years. However, financial services firms have seen an 80% decrease in number of incidents in the past five years. Read more on American Banker….
Securing Outsourced Consumer Data
No great surprises, but a new survey, Securing Outsourced Consumer Data,commissioned by Experian Data Breach Resolution and conducted by the Ponemon Institute reveals that many organizations (46%) do not evaluate the security and privacy practices of vendors before sharing sensitive or confidential information. The survey polled nearly 750 individuals in organizations that transfer consumer data to third-party…
Crowd-sourcing an idea for a law
Thanks to partisan politics and intensive industry lobbying, we have no strong federal breach notification law. This, of course, is not news to my readers. But in light of (1) Congress’s current interest in cybersecurity and sharing of information, (2) the fact that up to 40% of breaches are first detected by members of the…
Should the penalty be for the data breach or for aiding and abetting fraud?
Philip Virgo writes: I have just had interesting feed back from a number of CISOs on my posting on the EU data Protection Directive. Some are still stuck in the past, adding yet more electronic nappies to cope with severe cases of data diarrhoea. Others are seeking to make the transition to a future where attack is…