There may be a lot of justifiable criticism of Sony in terms of security, but as I’ve commented previously on this blog, I don’t think “delayed notification” when they discovered they were breached was one of their sins. Robert McMillan reports: Sony didn’t show up for last week’s Capitol Hill hearing on its massive data…
Category: Commentaries and Analyses
President’s cybersecurity agenda includes proposed federal data breach notification law
To cut to the chase: you can read the language of the proposed data breach notification law here. Sadly, the proposed language allows entities NOT to notify affected individuals if they conduct a risk assessment and determine that there is no risk to those whose data were breached. Other problems I see on a first…
Catch a clue from an EDU: Universities that get security right
Mary K. Pratt reports: Professor Corey Schou was working in his school’s library when he realized his computer was picking up a particularly strong Wi-Fi signal. Normally that would be welcome news. But Schou knew that spot was usually a dead zone, which meant something was probably amiss. So Schou, a professor of informatics at…
Sony Declines to Testify at Congressional Hearing
Nick Bilton reports: Sony has declined to testify at a Congressional hearing on Wednesday, “The Threat of Data Theft to American Consumers,” that seeks to understand how consumers’ private data is protected by corporations. […] The subcommittee sent a letter to Sony on Friday asking the company to answer a number of questions related to the…
Customers Stay Despite High-Profile Data Breaches
Jordan Robertson of Associated Press writes: Week after week, thieves break into corporate computer systems to steal customer lists, email addresses and credit card numbers. Large data breaches get overshadowed by even larger ones. Yet people are turning over personal information to online retailers, social networks and other services in growing numbers. The point at…
Ninth Circuit Holds That Violating Any Employer Restriction on Computer Use “Exceeds Authorized Access” (Making It a Federal Crime)
Orin Kerr writes: I had thought the world was safe from the nuttiness of the Justice Department’s broad theories of the Computer Fraud and Abuse Act in the Lori Drew case. Not so. Readers may recall I once blogged about a similar case, United States v. Nosal, that raised similar issues in the context of an employee…