Tag Archives: retail

New Credit Card Security Doesn’t Go Far Enough

This entry originally ran as an op-ed in the September 25, 2015 edition of The Boston Globe.

Hardly a week goes by without a news report of a new cyberattack. As any consumer affected by fraud knows, the harm is real. The impact on businesses, government, and other targets is also real,… More

Breaking Down the White House Privacy Framework–a Video Blog

Here is a video discussion I had with LexBlog on the new White House Data Privacy report, “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” In this conversation, we discussed the report’s four primary elements:

a Consumer Privacy Bill of Rights,
a multistakeholder process to specify how the principles in the Consumer Privacy Bill of Rights apply in particular business contexts,…

Most Recent Sony Breach Illustrates the Cascading Effect of Data Breaches

It was revealed recently that Sony’s on-line services were the subject of another significant attack. This incident, however, did not exploit a vulnerability in Sony’s security infrastructure so much as it highlighted the cascading effect of data breaches.

Rather than try to scale any fences or jimmy any windows, this attack used account holders’ own keys to open the front door. According to a statement by Sony,… More

Analysis of the Supreme Court’s Decision Striking Down Vermont Pharmaceutical “Data Mining” Law

As promised in our earlier entry, here is our detailed discussion of the Supreme Court’s decision in Sorrell v IMS Health, Inc.,written by Colin J. Zick, Pat A. Cerundolo, Tad Heuer

On Thursday, June 23, the United States Supreme Court voted 6-3 to strike down a Vermont statute that sought to impose significant restrictions on pharmaceutical detailing and “data mining”… More

Will 2011 Bring Us “Do Not Track” Legislation?

Posted below is another contribution from my colleague David Broadwin on our Emerging Enterprise Center blog about the potential for legislative change in 2011. I agree with the conclusions he draws:

This is an area where bipartisan concensus is possible.
The industry powers will fight against “Do Not Track” and will win that fight.
Industry will accept some other form of regulation in exchange for defeating “Do Not Track.”

We could see passage of a federal data security and privacy statute,… More

Albert Gonzalez Gets 20 Years for TJX / Heartland Breaches

Last week was a tough week for Albert Gonzalez, the so-called "leader of the largest hacking and identity theft ring ever prosecuted by the U.S. government." Gonzalez received a sentence of 20 years of imprisonment in two separate federal cases against him. The hacker, known variously as "segvec," "soupnazi" and "j4guar17" pled guilty in the New Jersey and Massachusetts cases for his role as mastermind of the two largest financial data breaches ever,… More