Jordan Robertson of Associated Press writes: Week after week, thieves break into corporate computer systems to steal customer lists, email addresses and credit card numbers. Large data breaches get overshadowed by even larger ones. Yet people are turning over personal information to online retailers, social networks and other services in growing numbers. The point at…
Category: Commentaries and Analyses
Ninth Circuit Holds That Violating Any Employer Restriction on Computer Use “Exceeds Authorized Access” (Making It a Federal Crime)
Orin Kerr writes: I had though the world was safe from the nuttiness of the Justice Department’s broad theories of the Computer Fraud and Abuse Act in the Lori Drew case. Not so. Readers may recall I once blogged about a similar case, United States v. Nosal, that raised similar issues in the context of an employee…
Defending the Digital Gates: Universities and Cyber Security
Kevin Lizarazo writes: More than a year and a half ago, in a computer lab in Stony Brook University, Peter Yeh and his friend sat down at their terminals with one goal: to hack into a computer system. The target was the school’s SOLAR System, a web-based service for students and faculty to manage their…
Sony answers some questions, while more inquiries pile on
Sony has posted a Q&A #1 for PlayStation Network and Qriocity Services, responding to some of the concerns raised about their recent breach. Of note, they say that all of the credit card data were encrypted, although they acknowledge that the personal data table was not encrypted. More will come out in time, of course….
Data breach fines can risk more harm than good, experts say
George V. Hulme writes: Are regulatory and security breach fines protecting the consumer, or beginning to unduly drive security policy? As penalties begin to be levied against organizations who have been attacked, or employees violated data policy, some experts now question whether the government is penalizing one of the victims in a crime, rather than…
ICO slammed for data protection enforcement failures
As regular readers of this blog already know, the ICO has issued fines over data protection breaches precisely four times since he acquired the authority to do so, despite public clamor for him to really get tough. Now Caroline Donnelly reports: … In total, information concerning 2,565 potential data breaches was passed on to the…