Dan Worth reports: The Information Commissioner’s Office (ICO) has confirmed that it is in the process of imposing fines against organisations that have breached the Data Protection Act. Deputy information commissioner David Smith told V3.co.uk at an Internet Society event in London that the regulator hopes that the fines will make a significant statement about…
Category: Commentaries and Analyses
When is three years of free credit monitoring still not enough?
How quickly times change. It seems like only a few years ago that we thought it newsworthy that a breached entity would offer a year of free credit monitoring. Then it became newsworthy when they offered two years. Then it became newsworthy when they didn’t offer any free services. Now some retirees in Delaware are…
Maryland Court: Employees Who Steal Data from the Company Computer Do Not Violate the Computer Fraud and Abuse Act
Nick Ackerman of Dorsey & Whitney LLP has a nice write-up on a Maryland court decision that although it doesn’t deal with PII, does deal with whether an employee can be found guilty of “unauthorized access:” A federal district court in Maryland held that an employee who stole proprietary data from his prior employer did not…
Designing an Insecure Internet
Julian Sanchez also responds to the morning’s biggest story: If there were any doubt that the 90s are back in style, witness the Obama administration’s attempt to reignite the Crypto Wars by seeking legislation that would force Internet services to redesign their networks and products to provide a centralized mechanism for decrypting user communications. It cannot be stressed…
Lessons From A Security Breach
Ed Sperling writes: In late July Kern Medical Center’s information system came to a grinding halt. The hospital believed it had the standard security systems in place to protect its medical records. But for 16 long days that stretched into August, the hospital struggled to get its systems operational and isolate the problem from its…
The PCI Lessons From Google’s Employee Data Breach
Walter Conway writes: When Google this month fired a programmer for using the search giant’s database to investigate an intriguing teenager, it showed that even the most sophisticated and respected technology brands can have a trusted employee go rogue. This lesson should not be lost on retail executives, who may rely on several third-party service…