Stewart Baker responds to Joseph Menn’s recent report on companies fighting back against attackers. He comments on the different offensive strategies: Here’s the problem. A generation of computer crime lawyers at the Justice Department has devoted their careers to discouraging the reaction that Menn describes. That’s because the fundamental law in this area, the law…
Category: Commentaries and Analyses
Hacked companies fight back with controversial steps
Joseph Menn of Reuters reports that some U.S. firms are fighting back against hackers in unorthodox – if not downright illegal – ways: “Not only do we put out the fire, but we also look for the arsonist,” said Shawn Henry, the former head of cybercrime investigations at the FBI who in April joined new…
Does a Data Breach in the U.S. Require Notification in Europe?
Paul Van den Buick writes: The European legal framework on the protection of personal data (Directive 95/46/Ec) is acknowledged as one of the strictest in the world. This tendency seems to be confirmed by the new draft regulation on the protection of personal data revealed by the European Commission in January 2012, which, once adopted,…
Entities need to up their game when it comes to breach disclosures
Help Net Security reports on a new Experian/Ponemon survey, “Consumers confused about data breaches.” Over 60% of respondents had trouble understanding the notification letters or felt the entity did not give them sufficient details. One take-home message is what I’ve been saying for years: breach notifications need to be written in plain language and include…
New Math, data breaches version
As a survivor of New Math, it’s somewhat amazing that I’m willing to deal with numbers or math at all. Yet, here I am, with a simple equation as today’s New Math: UNCC + UN = time for regulation Simple, elegant, and somewhat nonsensical as a math equation, but two recent education sector breaches do…
University of Nebraska breach needs to reverberate in Washington, D.C.
The University of Nebraska disclosed a breach last week, which I dutifully entered on DataLossDB. The breach sounded like it could be huge, despite the university’s statement that it had no evidence (at that time) that any data had been downloaded: The NeSIS database includes Social Security numbers, addresses, grades, transcripts, housing and financial aid…