I recently posed the question about when three years of credit monitoring might not be enough. As it turns out, deciding what to offer those affected by a breach may be a bit easier in light of a new offering from Debix called AfterCare™. Although I generally avoid blogging about commercial products, the timing of this…
Category: Commentaries and Analyses
Article: Data Protection and Data Security Issues Related to Cloud Computing in the EU
Lawyer Paolo Balboni of the European Privacy Association, Italian Institute for Privacy, and Tilburg University has an article that has been made available on SSRN. Here’s the abstract: We are in the midst of a revolution within computing. It goes under the name of cloud computing. Analysts estimate that in 2012, the size of the…
States unable to protect citizens’ personal, health data from cyberthieves
Byron Acohido writes: This should come as no surprise. State government agencies aren’t devoting nearly enough resources to protect citizens’ sensitive data from hackers and data thieves. Some 49 out of 50 states report that a lack of budget is crippling efforts to manage cybersecurity effectively. One state chose not to participate. That’s the upshot…
ICO confirms imminent data breach fines
Dan Worth reports: The Information Commissioner’s Office (ICO) has confirmed that it is in the process of imposing fines against organisations that have breached the Data Protection Act. Deputy information commissioner David Smith told V3.co.uk at an Internet Society event in London that the regulator hopes that the fines will make a significant statement about…
When is three years of free credit monitoring still not enough?
How quickly times change. It seems like only a few years ago that we thought it newsworthy that a breached entity would offer a year of free credit monitoring. Then it became newsworthy when they offered two years. Then it became newsworthy when they didn’t offer any free services. Now some retirees in Delaware are…
Maryland Court: Employees Who Steal Data from the Company Computer Do Not Violate the Computer Fraud and Abuse Act
Nick Ackerman of Dorsey & Whitney LLP has a nice write-up on a Maryland court decision that although it doesn’t deal with PII, does deal with whether an employee can be found guilty of “unauthorized access:” A federal district court in Maryland held that an employee who stole proprietary data from his prior employer did not…