Mark Rasch

Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland. where he helps develop strategy and messaging for the Information Security team. Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. He is trained as a lawyer and was the Chief Security Evangelist for Verizon Enterprise Solutions (VES). He is recognized author of numerous security- and privacy-related articles. Prior to joining Verizon, he taught courses in cybersecurity, law, policy and technology at various colleges and Universities including the University of Maryland, George Mason University, Georgetown University, and the American University School of law and was active with the American Bar Association’s Privacy and Cybersecurity Committees and the Computers, Freedom and Privacy Conference. Rasch had worked as cyberlaw editor for SecurityCurrent.com, as Chief Privacy Officer for SAIC, and as Director or Managing Director at various information security consulting companies, including CSC, FTI Consulting, Solutionary, Predictive Systems, and Global Integrity Corp. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris. Prior to joining Verizon, Mark was a frequent commentator in the media on issues related to information security, appearing on BBC, CBC, Fox News, CNN, NBC News, ABC News, the New York Times, the Wall Street Journal and many other outlets.

California Federal Court Weighs In (Again) on Social Media Scraping

Social media sites such as Facebook and LinkedIn have collected personal information on hundreds of millions of subscribers. They have…

4 days ago

Hang up the Phone: MFA’s Insecure Reliance on SMS

It’s hard enough to get people to use multi-factor authentication (MFA)—you know, something you know, you have and you are.…

3 weeks ago

Court Greenlights Accenture/Marriott Breach Suit

A court has ruled that Accenture, as a service provider to Starwood, owed a duty to prevent data breaches to…

1 month ago

VA High Court: License Plate Database Not Personal Data

Regulations related to the collection, storage and use of personal data don’t apply to the collection of license plate readings,…

1 month ago

Incident Response: Pay a Ransom, Go to Jail

Companies that find their files, data or networks locked by a malicious actor demanding an extortion payment now have a…

2 months ago

The High Cost of Reporting a Non-Reportable Data Breach

Can a company be sued for reporting a data breach in which the data was never used and destroyed? In…

2 months ago

U.S. Requires Servers to Ban TikTok, WeChat Traffic

On Sunday, Sept. 20, Chinese company ByteDance’s TikTok and WeChat die. President Trump’s executive order, which prohibits any “transactions” with…

3 months ago

Is a Ransomware Attack a Reportable Data Breach?

One question that vexes security engineers, incident responders and lawyers is whether a ransomware attack constitutes a reportable data breach…

3 months ago

Garbage In, Gospel Out: The Security Problem of Data Accuracy

The accuracy or integrity of data is only as good as its source In two separate incidents, one in Colorado…

4 months ago

TikTok and National Security: The Need for a Comprehensive U.S. Privacy Law

Last week, President Donald Trump threatened to ban the popular social media platform TikTok, whose corporate owner is a Chinese…

4 months ago