One of the recurring themes on my blogs is that we need a federal data protection statute that includes protection of paper records. Breaches involving paper records also need to be included in any federal data breach notification statute. Federal statutes are needed because too many states fail to address the security of paper…
Category: Commentaries and Analyses
The night the lights went out in Georgia?
Wainwright Jeffers reports: Some Dougherty County school workers worry the system put them at risk of identity theft. School officials say they shouldn’t be concerned. WALB learned that twice this week, the system sent employees an e-mail asking them for personal information, including social security numbers for a school system data base. Both times, follow…
Today’s Award for the Silliest Theory of the Computer Fraud and Abuse Act
Orin Kerr, a law professor and former attorney in the DOJ who worked in the computer crimes division, has a commentary on a lawsuit involving CFAA claims that’s interesting in terms of defining the scope of what the Computer Fraud and Abuse covers – and shouldn’t cover: Today’s Award for the Silliest Theory of the…
New report: Data Breach Notifications in Europe
The EU’s ‘cyber security’ Agency ENISA, (the European Network and Information Security Agency) has today issued a report on Data Breach Notifications. The EU data breach notification (DBN) requirement for the electronic communications sector in the ePrivacy Directive (2002/58/EC) is vital to increase in the long term the level of data security in Europe. The…
Hacked Laptops Lead Banks to Warn of Data Breaches
Robert McMillan identifies problems banks face in incidents such as two previously covered on this blog – a Sovereign Bank incident and a PenFed incident: …. According to experts, Sovereign’s decision to investigate the situation and then notify customers is probably more cautious than most. The problem is that it’s often unclear whether hackers were…
AU banks: massive social engineering FAIL
Peter Martin reports: A survey of Australian banks’ call centres has found that half of their staff are prepared to help people access someone else’s financial records. In November, customer experience research firm Global Reviews phoned call centre operators at eight of Australia’s leading banks, including each of the big four. Without identifying themselves as…