On Cyber Monday 2016, consumers made e-commerce history by spending more than $3.4 billion online. It’s easy to see why. Retailers bombard shoppers from all angles – email, in-app alerts, and text messages. While the deals may be real, hackers prey on the innocents’ quest for bargains, and their… Read the rest
The Article 29 Working Party, a European advisory body designed to provide expert advice on data protection to EU state members, recently adopted guidelines (Guidelines) concerning Data Protection Impact Assessments (DPIA) and determining whether a processing activity is “likely to result in a high risk.”
Under the… Read the rest
The October newsletter (Newsletter) from the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) focused on protecting PHI when using mobile devices like smart phones and tablets. The Newsletter reminds entities regulated by HIPAA that mobile devices must be included in their enterprise-wide risk analysis and… Read the rest
In the wake of recent headline-grabbing data breaches (I’m looking at you Equifax), New York has announced plans to raise data security standards for those companies that hold personal information of New York residents.
According to the November 2, 2017 announcement, in 2016, New York received 1,300 data breach notifications… Read the rest
A recent study revealed that 9% of email delivered by Office 365 to users was spam, phishing, and malware attachments. In the study, Cyren, a threat intelligence firm, analyzed emails from September to early October and found some surprising results.
Of the 10.7 million emails analyzed, researchers found over 950,000… Read the rest
Maryland joins the growing number of states to (among other changes) expand the definition of personal information and shorten the breach notification timeline.
The reason? To better protect consumer rights by imposing more stringent notification obligations and expanding the scope of the state’s breach notification requirements.
Some of the major… Read the rest
The General Data Protection Regulation (GDPR), a broad-sweeping EU privacy law, was designed to increase an individual’s right to control his or her personal data. Even if your company has no physical presence in the EU, if it offers goods or services in Europe, or processes personal data belonging… Read the rest
On October 18, 2017, the European Commission (Commission) published its first annual report on the functioning of the EU-U.S. Privacy Shield (Privacy Shield). The report stated the Privacy Shield continues to ensure an adequate level of protection of the personal data transferred from the EU to participating U.S. companies.… Read the rest
Intel, Samsung and other major industry players have released a report outlining policy recommendations for the U.S. government including the adoption of a strategy to promote investment, development, and widespread utilization of the Internet of Things (IoT). These “recommendations seek to lay the foundation to drive scalable U.S. IoT infrastructure… Read the rest
A vulnerability in the security standard that protects all modern Wi-Fi networks (WPA2) was recently uncovered. Here’s what you need to know and do to protect yourself.
What is it?
The vulnerability is named KRACK (Key Reinstallation AttaCK) and it targets the cryptographic handshake used when your device connects