Musings about the Equifax Data Breach

This is intended to be an old-fashioned "blog" about thoughts on the Equifax data breach. It will be ongoing so please check back regularly. Topics Media interviews and commentary We are seeing shame hacking taken to a new level Will I lead a consumer class action lawsuit against Equifax? Lawsuits and investigations against Equifax What [...]

Incident Response – 3 Takeaways from the Equifax Breach

The SecureWorld News Team talked with Shawn Tuma about many of the lessons that can be learned from the Equifax data breach and winnowed it down to the following 3 takeaways that are discussed more thoroughly in the article: We need a uniform national breach notification law in the United States. When it comes to [...]

Key Points of Delaware’s New Data Breach Notification Law

Delaware recently amended its data breach notification law to include the following requirements:Expanded definition of "personal information" to include biometric data, medical information, passport numbers, routing numbers for accounts, individual taxpayer identification numbers and usernames in addition to the traditional forms of PII such as birth date and social security numbers.Notice to affected individuals within [...]

3 More Key Cybersecurity Takeaways General Counsel Should Learn Learn from Yahoo

A good friend recently shared with me the article Verizon GC on the Lessons Learned from Deal with Yahoo (use Linkedin for paywall access) because he thought it would be valuable information to add to my own cybersecurity knowledge toolbox. Given the experience Verizon’s GC has gained through this process, when he talks about lessons […]

National data breach notification law pros and cons? What do you think?

What are the pros and cons of a national breach notification law? What are the questions that need to be asked to facilitate this discussion? What are the critical points that need to be made?