Quick Thoughts About the Yahoo Breach

Another day, another 500 million Yahoo accounts breached. Our friends at the FTC are right on top of this with guidance for individuals with Yahoo accounts.  First and foremost, change your Yahoo password.

According to Yahoo, the breached information may have included names, email addresses, telephone numbers, dates of birth, passwords, and security questions. Yahoo believes this information was stolen in late 2014.…

What to Expect from the EU’s New Network and Information Security Directive

On July 6, 2016, the European Union adopted Directive (EU) 2016/1148, “concerning measures for a high common level of security of network and information systems across the Union,” otherwise known as the Network and Information Security Directive. (A directive, in EU parlance, is an instruction to member states to achieve a particular objective and a general framework for how to do so.  This differs from a regulation, which is immediately binding on all member states.)  Pursuant to this Directive,…

Cybersecurity News and Notes – September 13, 2016

In Case You Missed It:  The Federal Trade Commission has opened a public comment period to evaluate its Safeguards Rule (16 C.F.R. § 314.3).  Under the Gramm-Leach-Bliley Act (GLBA), which regulates financial institutions, the FTC is empowered to promulgate regulations governing how financial institutions secure consumer information.  The Safeguards Rule, as currently in force, does not have specific “how-to” requirements, but rather broad and flexible standards that financial institutions can use as guidelines in assessing risks to the data they maintain and in developing viable security plans. …

Which U.S. Businesses Must Comply with EU Data Protection laws?

What the recent Amazon decision tells us

On 28 July 2016, the European Court of Justice rendered a decision in a dispute between an Austrian Consumer Protection organization known as VKI (Verein für Konsumenteninformation) and Amazon EU Sàrl, a subsidiary of Amazon registered in Luxembourg. The main issue in this case is whether Amazon General Conditions were enforceable under Consumer Law; however, one of the questions referred to the European Court was about the territorial scope (Article 4) of the 95/46/EC Directive on Data Protection.…

Cybersecurity News and Notes – August 29, 2016

In Case You Missed It: Sometimes data breaches crop up in the most unlikely of places.  Last week we learned that the vendor that handles fish and hunting licenses for the states of Idaho, Oregon, and Washington was hacked.  The breach potentially exposed the following information for those with fishing or hunting licenses in those northwest states: names, addresses, driver’s license numbers, dates of birth, and the last four digits of Social Security numbers. …

Cybersecurity News & Notes – August 8, 2016

In Case You Missed It:  In a sign of the growing importance of cyber operations in warfare, the Obama administration plans to elevate the status of the Pentagon’s Cyber Command.  The U.S. Cyber Command, or USCYBERCOM, was created on June 23, 2009.  Its stated mission is to, among other things, “conduct full spectrum military cyberspace operations” to “ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.”  Currently,…

Cybersecurity News and Notes – August 1

In Case You Missed It:  The Federal Trade Commission issued an opinion in the LabMD case, overturning an ALJ’s November 2015 decision holding that the FTC failed to meet its burden to prove that LabMD’s data security practices caused or were likely to cause substantial consumer injury.  (See this blog’s previous coverage of that decision here.)  The FTC’s complaint against the company concerned two different data privacy incidents that allegedly affected over 10,000 consumers. …

Article 29 Working Party on the EU-US Privacy Shield: A Number of Concerns Remain But Let’s See How It Works

The EU’s Article 29 Working Party analyzed the final version of the Privacy Shield and issued a statement on July 26, 2016.  What does this mean?

  • Recap: Where are we and how did we get here?

On February 29, 2016, the European Commission issued a draft adequacy decision reflecting the outcome of its negotiations with US authorities in relation to the Privacy Shield,…

Guest Podcast: Europe’s New General Data Protection Regulation–What Is It and Are You Ready for It?

Are you looking for an introduction to the European Union’s General Data Protection Regulation (GDPR)?  To find out when and how it’s going to impact you and your organization, listen to this quick 10-minute podcast with Deborah Hurley. Deborah is an adjunct professor of the practice of computer science at Brown University, fellow at the Institute for Quantitative Social Science at Harvard University, and principal at Hurley Consulting.…

Cybersecurity News and Notes – July 25, 2016

In Case You Missed It: U.S. major party platforms address cybersecurity.  The two major parties have released their 2016 election platforms, both of which include cybersecurity planks.  The Republican platform treats cybersecurity as an element of national security and international relations. The platform called for harsh responses to cyber-attacks against American businesses, institutions, and government, applauded the Cybersecurity Information Sharing Act of 2015, and pledged to “explore the possibility of a free market for Cyber-Insurance.” The Democratic platform is largely a continuation of President Obama’s cybersecurity policies.…