Delaware Updates Data Breach Notification Rules.

Delaware, the second-smallest state but the leader in business incorporations, at least within the USA, has updated its legal framework regarding data breach notifications. Beginning on August 14, 2018, companies that experience a data breach must notify any affected individuals in Delaware within 60 days. In addition, credit monitoring – free of charge, of course […] read more

NIST Guy Who Came Up With Hair-Tearing Password Requirements Says He’s Sorry.

The “NIST midlevel manager” who came up with the crazy password requirements – well, technically, recommendations. You know, must include special characters, uppercase and lower case letters, alphanumeric – says that he’s sorry and that “much of what [he] did [he] now regret[s].” As the Wall Street Journal explains, Bill Burr was a manager at […] read more

Australia Looking To Compel Electronic Message Decryption.

Last week, Reuters and other sources reported that the Australian government has proposed laws that would compel companies to provide access to encrypted information. Obviously, asking for such data is conditional upon taking all the proper legal steps.   A Growing Demand Governments the world over have been clamoring for access to encrypted data for […] read more

Schools In EU Could Face Heavy Fines For Data Breaches.

Beginning in May 2018, schools in EU member countries (including the UK despite Brexit) must comply with the new General Data Protection Regulation (GDPR). Not doing so would mean they could be subject up to 4% of their turnover, a figure that created quite the buzz when it was announced for businesses earlier this year […] read more

UK ICO to SMEs: Data Protection Laws Apply to You.

The United Kingdom’s Information Commissioner’s Office (ICO) has slapped Boomerang Video Ltd. (BV), a company that rents out video games, with a £60,000 fine. The monetary penalty is the result of a 2014 data breach in which personal details of 26,000 people were stolen. The fine deserves another look because BV’s data breach was the […] read more

Target Settles With 47 Attorneys General Over 2013 Hack.

One of the biggest hacks in history was the Target credit hack of winter 2013, which affected approximately 60 million people. Four years later, Target is finally putting the situation behind, settling legal action brought to it by 47 states. The amount: $18.5 million. This does not include the many millions the Minnesota-based retailer paid […] read more

Sextortion Case Treads A Well-Worn Path: Are Passwords Protected Under the Fifth?.

A case of “sextortion” – blackmailing someone over naked footage (digital footage, more specifically, to reflect the times we live in) – between Instagram celebs has again dredged up the decidedly non-superfluous legal quagmire that’s been repeatedly visited since at least 2009: Is forcing a defendant to spit out his or her password a violation […] read more

Israel Introducing Data Breach Notification Law.

It was reported last week that Israel introduced mandatory data security and breach notification requirements into its law books. The law is expected to go into full effect next year. Business of all types – be they global, multinational companies or the barber shop down the street – will be affected by the new regulations. […] read more

New Mexico Now Has A Data Breach Notification Bill.

New Mexico will be the latest US state to add a data breach notification law to its books. Once the bill officially becomes a law, only two states – Alabama and South Dakota – will remain outsiders to the crazy idea that people should be notified if their personal data is hacked. You can read […] read more