Rebecca Herold of IT Compliance has a commentary on Nevada’s new encryption law and whether the state’s data breach law makes the encryption law moot. It begins: On May 30, 2009, Nevada enacted a new law, SB 227, which will basically replace NRS 597.970 in January 2010. In many ways the new law is an…
Category: Commentaries and Analyses
A Treasure Trove For Hackers
Forensics experts at the Dublin office of consultancy Ernst & Young have found evidence that prominent companies in Ireland are allowing home-based employees to download sensitive company and client data to their personal computers. Second-hand computer hard drives containing sensitive information – including hundreds of customer bank, Laser and credit-card account details, car registration information,…
Pain and Suffering in the Aftermath of a Breach
One of the obstacles to consumer class action lawsuits in response to data breaches has been that most individuals cannot demonstrate actual harm, where harm is defined by the courts in financial terms. As Judge D. Brock Hornby explained when he threw out most of the Hannaford Bros. lawsuit, Maine state law requires that there…
Coffman on the Heartland Lawsuits
Tom Field of BankInfoSecurity.com has an interesting interview with Richard Coffman, the Texas attorney who filed the first class action lawsuit against Heartland Payment Systems (HPY). Coffman represents banks and financial institutions suing HPY. One of the more intriguing aspects of the interview has to do with why Coffman thinks that banks and financial institutions…
Audit of US DOE on Incidents
Parts of the report were redacted, indicated by x’s below. Executive Summary: The Office of Inspector General (OIG) performed a review of the Department of Education’s (Department) external web sites. This audit was conducted in accordance with the Federal Information Security Management Act (FISMA) as enacted by Title III of the E-Government Act of 2002,…
Analysis of Savvis’ Motion to Dismiss Lawsuit
David Navetta has written a clear and helpful analysis of Savvis’ motion to dismiss Merrick Bank’s lawsuit against Savvis, arising out of the CardSystems Solutions breach.