Privacy Plus+ News
Stay informed with our latest insights on privacy and technology trends, along with key updates from our firm.
“Public Insecurity:” The Special Vulnerability of Public Facilities
This week, let’s focus on the ransomware attacks on state and local governments and consider some risk-reducing cybersecurity measures.
Blackbaud's FTC Deal: Delete Data, Amp Up Security
This week, let’s take a look at the Federal Trade Commission’s recent settlement with Blackbaud Inc, a service provider of software and services for more than 45,000 companies, and consider it as guidance on reasonable security measures and data retention practices.
How do you “Own” Data?
This week, let’s consider what “owning data” actually means — hint: It’s not what you may think.
The SEC's Twitter Account Compromise: Lessons and the Threat of SIM Swap Attacks
This week, let’s cover the cybersecurity incident that has shocked the U.S. Securities and Exchange Commission (SEC) and the Bitcoin market, and examine what companies can learn about securing their social media accounts and dealing with the threat of SIM swap attacks.
Streamlining Cybersecurity: DHS's Recommendations for Cyber Incident Reporting
This week, let’s consider a report issued by the Department of Homeland Security (DHS) in September, addressing recommendations aimed at harmonizing cyber incident reporting for critical infrastructure sectors.
Could the SEC's Fraud Charges Against SolarWinds and its CISO Reshape Cybersecurity Oversight?
This week, we're taking a close look at the recent lawsuit filed by the SEC against SolarWinds Corporation and its Chief Information Security Officer, which claims that they committed fraud and neglected to maintain adequate internal controls in their cybersecurity practices, and considering its implications.
SEC Seeks Disgorgement from Virtu for Misleading Statements on Customer Data Protection
This week, let’s highlight the SEC’s recent civil action against Virtu Americas and its parent company, Virtu Financial, seeking disgorgement for misleading statements about data protection.
SEC Adopts New Cybersecurity Disclosure Rules for Public Companies
This week, let’s address the SEC’s recently adopted rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies. We’ll look at the mechanics, summarize the changes, highlight effective dates, and offer some thoughts.
Top 5 Questions for Directors Re: Cyber Governance
This week, let’s focus on effective cyber governance by the board of directors, and propose some questions that every director should ask to protect themselves and their organizations from cyber risk and personal liability.
Top 5 Questions Every CISO Should Ask
This week, let’s consider some questions that every Chief Information Security Officer should ask to protect themselves and their organizations from cyber risk and personal liability.
SolarWinds Executives May Face Personal Liability as SEC Issues Wells Notices
This week, executive cyber-liability issues continue to emerge, and here, we’re covering the latest related news in connection with the SolarWinds hack.
FTC Charges Genetic Testing Company 1Health.io with Privacy and Security Failures
This week, let’s consider the case against 1Health.io. It’s the latest FTC privacy enforcement action, and it is the first case focused on the privacy and security of genetic information.
Texas Data Privacy and Security Act
The Texas Data Privacy and Security Act is the latest comprehensive state privacy bill to be signed into law. Here, we’re summarizing it.
US Intelligence Community Is Buying “Commercially Available” Surveillance Data – What are the Implications?
This week, let’s consider a recently-declassified report issued by the Office of the Director of National Intelligence on the Intelligence Community’s purchase and use of sensitive “Commercially Available Information.”
Janus - Use of Facial Recognition Expanded by the TSA
This week, let’s consider the Janus-faced tension between privacy and security as the TSA expands its use of facial recognition technologies in airports (while keeping its privacy policy far from a model of completeness).
When Atlas Shrugs – FTC Faults Amazon for Alexa and Ring
This week, let’s highlight the latest privacy enforcement actions by the Federal Trade Commission — two cases against Amazon; and also discuss the developing trend of holding company executives directly responsible for data protection.
Royal Ransomware Strikes Dallas – What Can be Learned?
When a library website goes down, it should not also disable police services. Let’s reflect on what we can learn from the Royal ransomware attack on the City of Dallas.
Five Eyes Issues Guidance for the Deployment of “Smart City” Technologies
This week, let’s review the new “smart city” cybersecurity guidance issued by the Five Eyes intelligence alliance, and offer some perspective accrued over time as long as this guidance is overdue.
Cybersecurity Whistleblowers
This week, let’s highlight the recent uptick in cybersecurity whistleblowers, including those from the Dallas Independent School District and Twitter, and consider how to deal with cybersecurity whistleblower complaints.
Section 702, the Supreme Court, the European Parliament, and Congress
This week, we invoke Sherlock Holmes while discussing the latest news regarding Section 702 of the National Security Act, the GDPR and cross-border data transfers.