In response to VTech’s controversial new EULA in the wake of their massive data breach, Cooley LLP has a commentary. Here are some excerpts: Apart from being a bit mean, it goes against the basic principles of data protection and consumer law in the UK. The Data Protection Directive 95/46 EC places obligations on the…
Category: Of Note
uKnowKids database exposed personal and location info of 1,740 kids (Update1)
A misconfigured database from a child tracking & monitoring firm exposed over 6.8 million private child text messages, 1.8 million images (many depicting children), and over 1700 in-depth child profiles. uKnowKids monitoring software advertises that it “Makes Parenting Easier, and Keeps Kids Safe Online and on the Mobile Phone.” On its web site, it claims that it has helped parents protect…
NSA Wants ‘Zero Day’ Process Kept Secret
Nicholas Iovino reports: The National Security Agency on Thursday defended hiding key details of its process for deciding whether to exploit or disclose software security flaws that make people vulnerable to hackers. The Electronic Frontier Foundation sued the NSA in 2014 for withholding records on the government’s handling of “zero days,” newly discovered security flaws…
Los Angeles physical therapy provider settles HHS charges that it impermissibly disclosed patient information
An announcement by HHS on Feb. 16 seems to have flown under most media radar. It seems that Complete P.T. used patient images and testimonials on their web site without patient consent, generating a complaint to HHS that HHS investigated and confirmed. Complete P.T. has admitted liability, agreed to pay $25,000, and has agreed to a…
California Attorney General Releases Report Defining “Reasonable” Data Security
I’ve previously posted a link to a report by the California Attorney General on breaches in California and recommendations, but I like that this post by Hunton & Williams focuses on the how the recommendations relate to “reasonable security:” Importantly, the Report states that, “[t]he failure to implement all the [Center for Internet Security’s Critical Security]…
Department of Homeland Security Issues Procedures Regarding Sharing Cybersecurity Information
On February 16, 2016, the Department of Homeland Security (“DHS”), in collaboration with other federal agencies, released a series of documents outlining procedures for both federal and non-federal entities to share and disseminate cybersecurity information. These documents were released as directed by the Cybersecurity Act of 2015 (the “Act”), signed into law on December 18, 2015. The…