Yahoo and Verizon Sweeten Their Settlement Offer by $30 Million + Staffing/Budget Commitments
In 2013, 2014 and 2016, Yahoo suffered a series of data breaches. Yahoo reports that the largest one, in August 2013, affected all three billion user accounts then in existence worldwide. The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, passwords encrypted with ... Read More
Smarter Vendor Security Assessments: Tips to Improve Response Rates
I have been on the receiving end of many vendor security assessments from customers and prospects. Here are some tips to increase the likelihood that you’ll get a timely, usable response to the next vendor security assessment that you send out. Understand what data you will be providing: One size ... Read More
Supply Chain Security – Sex Appeal, Pain Avoidance and Allies
Every security professional and every privacy professional understands that supply chain security is as important as in-house security. (If you don’t understand this, stop and read Maria Korolov’s January 25, 2019 article in CSO, What is a supply chain attack? Why you should be wary of third-party providers.) So how ... Read More
California IoT Security Law: A Nearsighted, Toothless Guard Dog or a Wolf in Sheep’s Clothing?
With three new sections added to the California Civil Code, California became the first U.S. state with a cybersecurity law specifically for internet-connected devices on September 28, 2018. The new Security of Connected Devices law will take effect on January 1, 2020. The Basics: The new law requires manufacturers of ... Read More
The Right to Repair Your Electronics Just Got Stronger
In 1998, Congress unanimously passed the Digital Millennium Copyright Act (“DMCA”) to implement two international copyright treaties. Among other provisions, the DMCA addresses the use of technical measures (digital rights management or DRM) that control access to copyrighted works. The new provisions impose fines and criminal penalties for: circumventing DRM ... Read More
Net Neutrality Regulation – Does the Past Predict the Future?
The debate over the degree of regulation of broadband Internet providers in the U.S. has been going on almost as long as broadband Internet service has been available. In 2004, the U.S. Federal Trade Commission (FTC) first described a set of non-discrimination principles to ensure that users had access to ... Read More
Is the End of the EU-US Privacy Shield in Sight?
European Union data protection law restricts the transfer of EU-origin personal data to countries outside the European Economic Area unless there is a mechanism in place to ensure an adequate level of protection of the personal data. In 2000, the European Commission approved the EU-US Safe Harbor Privacy Principles that ... Read More
The California Consumer Privacy Act of 2018 (AB 375): What You Need to Know
On June 28, California passed a sweeping data privacy law after only one week of work. Unless AB 375 (the California Consumer Privacy Act of 2018) is amended before its January 1, 2020, effective date, the law will be the strictest data privacy law in the United States, and will ... Read More

ICANN Still Working on Interim Compliance Model for GDPR
The Internet Corporation For Assigned Names and Numbers (ICANN) is still in the process of developing an interim compliance model to address concerns surrounding GDPR. In an earlier blog post, I mentioned that ICANN was scheduled to meet with European Union data privacy authorities this week to try to get ... Read More
Blockchain and GDPR: Between a Block and a Hard Place
Blockchain and other emerging distributed ledger technologies offer the promise of increased security, transparency and resilience based on the use of distributed, immutable records. At the same time, the European Union General Data Protection Regulation (GDPR), which takes effect May 25, 2018, governs the use and protection of personal data ... Read More