Employee Retaining Stored Patient List on Personal Laptop Triggers Data Breach Obligation

An employee of East Bay Perinatal Medical Associates in Oakland, CA, retained on his personal laptop a patient list that he had prepared as part of his job. The list did not contain PHI, but it did contain PII. The Berkeley Police discovered the list during an unrelated investigation and notified EBPMA that it …

Employee Viewing Information Without Authorization Triggers Data Breach Notification Obligation for Credit Union

An employee of Golden State Credit Union viewed member account information, containing Personally Identifiable Information (PII), without having the requisite authority to view such accounts. This action — alone — was sufficient to trigger the notification requirement of the California data breach notification law, at great expense and frustration for the Credit Union, which offered …

Rocky Dhir Interviews Shawn Tuma About Cybersecurity for Lawyers at State Bar of Texas 2015 Annual Meeting

I had the wonderful opportunity to visit with and get to know Rocky Dhir (@rockydhir) at the State Bar of Texas 2015 Annual Meeting in San Antonio. Rocky is the Founder and CEO of Atlas Legal Research, LP (@atlaslegal), “the world’s leading legal outsourcing company.” Rocky and I did a brief interview where we talked …

Why every CIO needs a cybersecurity attorney (my comments on why this is my favorite article ever)

Wow, this article seriously just made my day. I will apologize in advance to my friend and CSO writer Michael Santarcangelo (@catalyst), but this may very well be my favorite article — anywhere — of all time! And, thank you, Tom Hulsey (@TomHulsey), for sharing it with me! As for you, Ms. Kacy Zurkus (@KSZ714), all I can …

Why Your Company Needs a Breach Response Plan: Key Decisions You Must Make Following A Data Breach

Companies must be prepared for a data breach. It is just a fact of life, plain and simple. The developing standard of care requires that companies give some thought to how they will respond when the inevitable occurs — and they really, really, really should have a written Incident Response Plan in place. This is part …

Cybersecurity & Data Breach: You Don’t Drown From Falling Into the Water

“You don’t drown from falling into the water, you drown from not getting out.” Think about that — and think about how that applies to cyber security and data breach issues facing companies in today’s cyber world. Here, in my first ever video blog post, I explain this issue with more detail.

Businesses Beware: You need to understand and adopt EMV / Chip-and-PIN Technology

“Visa, MasterCard, Discover, American Express and their banking partners have set a government-enforced deadline of Oct. 15 for a “liability shift” that, for the first time, would make merchants liable for fraudulent charges that result from using point-of-service readers that can’t read chip-and-pin EMV cards. The issuers have been implementing the technology, but it’s still …

Presentation tomorrow – Collin County Bar Ass’n Corporate Counsel Section – here’s the question:

“What do I talk about?” No, it’s not that I don’t have anything to say — for goodness sakes, you all know that I always have something to say! The problem I am having is that I had planned to talk about cyber risk compliance and the key elements of what a good cyber risk …

Really??? Proposed legislation would allow companies to keep some data breaches secret

Let me make sure I have this right … the same company officials who are currently being warned about cyber risk but are not finding it significant enough to act are going to be the ones who determine whether there is a reasonable chance that customers will be harmed — from their data breach — …

“This is not a security breach.” Really? IRS hit by cyberattack, thousands of taxpayers’ information stolen

Compare and contrast the following statements: “Thieves managed to steal information on more than 100,000 taxpayers from the IRS,” Commissioner John Koskinen said Tuesday. “’This is not a security breach. Our basic information is secure,’” Mr. Koskinen insisted. Well, I am glad to know that stealing consumer data from the computer of an entity to …