UK ICO to SMEs: Data Protection Laws Apply to You.

The United Kingdom’s Information Commissioner’s Office (ICO) has slapped Boomerang Video Ltd. (BV), a company that rents out video games, with a £60,000 fine. The monetary penalty is the result of a 2014 data breach in which personal details of 26,000 people were stolen. The fine deserves another look because BV’s data breach was the […] read more

Louisville Hall of Justice Computer Stolen And Recovered, Hard Drive Still Missing.

There are reports out of Kentucky that a computer being used at the Louisville Hall of Justice has been stolen. The notable thing about this story, however, is that the computer was eventually recovered. Even more notable: the recovered computer was missing its hard drive. This small fact can be interpreted in many ways, but […] read more

Tennessee Updates Law That Required Notification For Encrypted Personal Data Loss.

In 2016, Tennessee created something of a legal furor when it became the first state to require data breach notifications (DBN) even if the lost or stolen data was protected with encryption. Earlier this month, a new law took effect that “clarifies [this] confusion” for companies: they are not required to send DBNs if the […] read more

New Mexico Now Has A Data Breach Notification Bill.

New Mexico will be the latest US state to add a data breach notification law to its books. Once the bill officially becomes a law, only two states – Alabama and South Dakota – will remain outsiders to the crazy idea that people should be notified if their personal data is hacked. You can read […] read more

WikiLeaks Shows That Encryption Works, Even Against Spooks.

Last week, the world saw another bombshell announcement from WikiLeaks. Per their tweets and resulting confidential data dump, it was readily apparent that the CIA had amassed techniques for breaking into many kinds of digital devices imaginable: smartphones and computers, yes, but also things connected to the internet, like smart TVs (perhaps they’ve looked into […] read more

Third Circuit Appellate Court Says “OK” To Data Breach Lawsuit.

Recently, the US Court of Appeals for the Third Circuit concluded that “the improper disclosure of one’s personal data in violation of FCRA [Fair Credit Reporting Act] is a cognizable injury for Article III standing purposes.” In other words, people can go to court over data breaches and data breaches alone; there is no need […] read more

Frequent Password Changes Not A Secure Data Security Practice.

According to the Federal Trade Commission’s Chief Technologist, forcing users to frequently change their password can be counterproductive when it comes to fighting data breaches. Mind you, it’s not the frequency itself that leads to security weaknesses. Rather, it’s what happens at the weakest link in most security systems — individual behavior — that leads […] read more

UK Court Says Hacker Can’t Be Compelled To Provide Encryption Password.

Many will read the title above and think this has a bearing on RIPA, the Regulation of Investigatory Powers Act of 2000. It does, but only barely. I’ve got to admit it is a bit misleading. It’s also 100% true… but only because of the degree of farce involved in this matter. According to the […] read more

Gibberish = Encryption? Not By A Long Shot.

As the world descends into utter chaos, I take comfort in knowing that people are generally very levelheaded. It doesn’t quite always work that way, but seeing how North Korea’s government lives another day to threaten the flooding of Seoul in a sea of fire; or that European countries haven’t copped out to what some […] read more