The Federal Trade Commission (FTC) is making good on its promise earlier this year to provide lessons and practical guidance from data security investigations. The FTC is publishing a series of blog posts under the theme “Stick with Security,” which will build on the principles in its previous Start with…
Nuance’s decision not to report the NotPetya attack to federal regulators puts an interesting twist on the question of whether ransomware is a reportable data breach.
The Department of Health and Human Services (HHS) issued guidance about a year ago on ransomware qualifying as a reportable breach under HIPAA rules. Since…
If your company has a website, take note: Nevada enacted the nation’s third online privacy notice law.
Following the example set by California and Delaware, these laws generally require online notices to inform consumers on how their information is collected, what types of information are collected, and with whom it…
The SEC’s Office of Compliance Inspections and Examinations (OCIE) wrapped up their latest round of cybersecurity examinations. The recently issued report – “Observations from Cybersecurity Examinations” – presents the resulting findings on financial firms’ cybersecurity practices.
OCIE Cybersecurity 2 Initiative
OCIE launched their Cybersecurity 2 Initiative following the…
The Information Commissioner’s Office (ICO) assessed a £100,000 fine on TalkTalk after data from 21,000 customers was accessed by rogue third-party employees.
Customers started calling TalkTalk in 2014 to complain about scam calls. Telephone scammers used company data to target TalkTalk customers in their tech support scams. Scammers…
The Financial Industry Regulatory Authority (FINRA) published a series of three videos to highlight and provide guidance on common cybersecurity issues facing broker-dealers and investment advisors.
FINRA compiled the video series in response to cybersecurity deficiencies noted during examinations of member firms. The videos also offer several mitigation measures to…
Broker-dealers and investment advisors are faced with increasing regulations regarding their cybersecurity practices. The Colorado Division of Securities recently adopted cybersecurity legislation for state-regulated financial institutions.
The regulations apply to broker-dealers purchasing securities and investment advisors conducting business in the state. Guidelines and a standard of reasonable cybersecurity practices have…
Nationwide settled their 2012 data breach investigation with 32 state attorneys general to the tune of $5.5 million. The settlement includes several security practices Nationwide is required to incorporate going forward.
Nationwide suffered a breach in October 2012 leading to the unauthorized access and exfiltration of personal information…
After the WannaCry outbreak heard ‘round the world, Siemens is working to bolster the security of its medical products.
Practical TIP: If your healthcare practice is using Siemens products, review the notes and advisories below to ensure your devices aren’t left vulnerable to attack.
Headquartered in Munich, Germany,…
It’s common for companies to assume that data breach lawsuits will be dismissed at the earliest stages of litigation. We’ve seen this happen when consumers are unable to prove standing to sue.
In short, you must actually have injuries that can be redressed by a court order in order for…