Tag Archives: network security

Data Privacy and Network Security Alert: Can you keep a secret?

President Obama recently announced the Administration’s Strategy on Mitigating the Theft of U.S. Trade Secrets, emphasizing the importance of protecting trade secrets. While the Strategy primarily involves government, there are important implications for the private sector. Specifically, the Strategy encourages the development of best practices by industry groups, improvements in domestic legislation review and increases in the resources available to small and medium businesses.

The Strategy cites research suggesting that “the pace of economic espionage and trade secret theft against U.S. corporations is accelerating.” It then outlines a strategy to coordinate and improve U.S. Government efforts to stop the theft of trade secrets by foreign competitors or foreign governments by any means – cyber or otherwise, including these measures:

Read full article

Data Privacy and Network Security Alert: Data breach survey results

The results of a 2012 Consumer Study on Data Breach Notification were recently released by Ponemon Institute and Experian Data Breach Resolution. The purpose of the study was to gain a better understanding of consumers’ opinions relative to the importance and value of receiving notification when their confidential personal information (PI) has been compromised. The study surveyed 2,832 consumers 18 years and older with 708 respondents recalling whether or not they received a data breach notification. Below is a summary of key findings from the study:

Read full article

Data Privacy and Network Security Alert: Massive Data Breach at Credit Card Processing Company

Visa, MasterCard and Discover have notified their issuing banks of a recent security breach at the seventh largest credit card processing company, which could affect up to 10 million cardholders. The breach occurred at Global Payments, Inc., an Atlanta-based company that assists the major credit card companies in processing transactions for merchants. Initial reports indicate that the breach occurred between January 21, 2012 and February 25, 2012, and the intrusion may be connected to Dominican street gangs in and around New York City. When news of the breach broke, Global Payments’ stock plunged as much as 14 percent and trading was halted on its stock. Global Payments has said that credit card data may have been stolen, but that cardholder names, addresses and social security numbers were not obtained. Both Visa and MasterCard have indicated that their own systems had not been compromised. 

Read full article

Data Privacy and Network Security Alert: 3 new state data breach notification statutes

California

As of January 1, 2012, California has amended its data privacy statute to require significantly more information in data breach notification letters to California residents. When an entity suffers a breach of personal information (PI), Section 1798.82 of the California Civil Code now requires that the notification shall:

  • Be made in the most expedient time possible, but without unreasonable delay
  • Be written in plain language
  • Include the name and contact information of the reporting person or business
  • Include a list of the types of personal information that were or are reasonably believed to have been the subject of a breach
  • Include the date of the breach (if known at the time of notification)
  • Indicate whether notification was delayed as a result of a law enforcement investigation
  • Include a general description of the breach incident
  • State the toll-free telephone numbers and addresses of the major credit reporting agencies if the breach exposed a Social Security number or a driver’s license or California identification card number

Read full article

Data Privacy and Network Security Alert: And then there were four

Mississippi has joined the majority of other states and now has a law that governs an organization’s obligations should it suffer a data breach relative to Personal Information (PI) of a Mississippi resident. Only four states in the United States have not passed similar legislation – Alabama, Kentucky, New Mexico and South Dakota.

Similar to many other state data breach notification laws, the obligation falls on any organization that owns, licenses or maintains PI of any resident of Mississippi. Like others, Mississippi defines PI as an individual’s first name or first initial and last name along with Social Security number, driver’s license number or financial account number or credit card number (along with the required security or access code).

Read full article

Data Privacy and Network Security Alert: A flurry of federal data security and data breach notification bills introduced into Congress

Recent high-profile data breaches and increased attention to the protection of consumers’ personal information have intensified the momentum towards enactment of a federal data security and data breach notification law. Currently 46 states and the District of Columbia have enacted data breach notification laws with drastically different requirements and policies. Within the last few months, Congress has been inundated with national data security bills outlining an organization’s obligations when it suffers a data breach. Unfortunately, the proposed federal bills would, in many instances, further complicate an entity’s obligations upon a breach.

Among the numerous federal data security bills introduced, the following four are most recent and significant:

Read full article

Data Privacy and Network Security Alert: Attorneys General continue to increase legal standards for data privacy compliance

Many have written about it and several have contemplated it — whether states will adopt private data security standards, such as the Payment Card Industry Data Security Standards (PCI DSS), and use them as legal standards that owners and holders of personal information (PI) must comply with. That’s exactly what the Massachusetts Attorney General did when it recently filed suit against Briar Group, LLC and alleged, among several other things, that Briar was not PCI compliant at the time of its data breach in November 2009, affecting 53,000 MasterCard and 72,000 Visa accounts.

PCI DSS are private data security standards created by the Payment Card Industry Security Standards Council that apply to all organizations collecting credit cards. The Complaint alleged that Briar’s failure to implement basic data security measures on its computer system allowed hackers to gain access to Briar’s customers’ credit and debit card information. 

Read full article