About two weeks ago, when Equifax first revealed their massive data breach, it was noted by many that the company didn’t appear to be prepared nor equipped to deal with the demands of whatever contingency plans they had prepared for the day they would be hacked. That was on the first day after Equifax had […] read more
Delaware, the second-smallest state but the leader in business incorporations, at least within the USA, has updated its legal framework regarding data breach notifications. Beginning on August 14, 2018, companies that experience a data breach must notify any affected individuals in Delaware within 60 days. In addition, credit monitoring – free of charge, of course […] read more
Earlier this week, the US Customs and Border Protection (CBP) responded to Senator Ron Wyden’s inquiries regarding electronic device searches at US borders (more specifically, airports). As numerous media outlets have relayed, CBP “admitted” that they do not have the authority to search data that is “solely” in the cloud, data that is not the […] read more
A case of “sextortion” – blackmailing someone over naked footage (digital footage, more specifically, to reflect the times we live in) – between Instagram celebs has again dredged up the decidedly non-superfluous legal quagmire that’s been repeatedly visited since at least 2009: Is forcing a defendant to spit out his or her password a violation […] read more
HIPAA Disk Encryption: Why Would You Authorize Employees To Work From Home Without Encrypting Patient Data?.
According to wreg.com, patients at the Boston Baskin Cancer Foundation recently learned they were potential victims of a data breach. This is one of those cases where one is left wondering if administrators thought things through: HIPAA encryption software was not used on a data storage device that comprised six years worth of patient data; […] read more
Details are beginning to emerge for the European Union’s data protection laws. Like many before it, the use of encryption software is being encouraged in order to safeguard the private information of people who fall under the EU’s jurisdiction. In addition, a number of other details are being considered as well, such as the use […] read more
When you consider the furor that has been raised over HIPAA data breaches for the past five years – and the fact that it has contributed heavily towards medical organizations investing in the use of medical file encryption software like AlertBoot – it boggles the mind that we can still come across such a story […] read more
The Wall Street Journal has an article on how certain executives are questioning the value of notifying the general public on company data breaches. The pay-walled article notes that there are valid reasons against more transparency. The thing is, most of these so-called reasons are self-serving – which is why 47 states have laws requiring […] read more
Desktop Encryption: LA County Encrypts All Workstations, Will Require The Same From Contracted Agencies.
It escaped my notice, so I’m opining on this three weeks late – to be honest, a quick search seems to indicate that almost no one covered this particular development – but Los Angeles County has moved to up their data security by pursuing workstation encryption, as seen in this motion. All I can say […] read more
Desktop computer encryption under HIPAA: is it really necessary? Most people have argued over the years that the answer is “no,” not only because the use of encryption software under HIPAA rules happen to be addressable (as opposed to required), but because nobody really expects that to happen. Reasons generally given as a clarification to […] read more