Here is one of the questions we get asked most often: “Ok, so we’ve had a real data breach and you say we have clear notification obligations, what can happen if we just ignore it and pretend it never happened — that is, we just don’t notify?” Unfortunately, this question is oftentimes coupled with this…
Tag: breach notification law
Uber’s CISO Makes Case for Uniform National Data Breach Notification Law
Uber’s Chief Information Security Officer (CISO), John Flynn, made a case for a uniform national data breach notification law in his testimony to members of Congress (see penultimate paragraph of full written testimony): I would like to conclude by stating that we strongly support a unified, national approach to data security and breach standards. We are…
State data breach notification law mishmash would get worse with proposed NC and SD legislation — is instant notification by clairvoyant next?
The push for a single uniform national data breach notification law gained strength in the wake of the Equifax breach. Now proposed legislation in North Carolina would amend its law in a way that would add momentum to this push. And, now South Dakota is tired of being one of only two states without a…
Why do data breach disclosures often take too long? Let’s ask the SEC Chairman.
In the wake of the Equifax and Securities and Exchange Commission’s data breach disclosures, there has been a lot of public outcry over the assertion that it took too long to disclose these data breaches to the public. “Too long” is a relative term, to start with, as I have little doubt that some people will…
Key Points of Delaware’s New Data Breach Notification Law
Delaware recently amended its data breach notification law to include the following requirements: Expanded definition of “personal information” to include biometric data, medical information, passport numbers, routing numbers for accounts, individual taxpayer identification numbers and usernames in addition to the traditional forms of PII such as birth date and social security numbers. Notice to affected…
National data breach notification law pros and cons? What do you think?
What are the pros and cons of a national breach notification law? What are the questions that need to be asked to facilitate this discussion? What are the critical points that need to be made?
Insider Misuse of Computers: No Big Deal? It Can Be a Data Breach, Ask Boeing
Insider misuse triggers a breach just like outside hackers. When a company’s information is compromised because of insider[1] misuse of computers or information, regardless of insider’s intentions, the result for the company and the data subjects of that information is often the same as if it were an attack by an outside adversary – it…
Yahoo Data Breach: US Senators Demand Answers – Still Think You Don’t Have to Disclose and Notify?
There is a grave and unfortunate misperception among many business leaders who believe that when their company has had a data breach, going through a response and notification of affected individuals is optional. To the educated readers of this blog, this sounds shocking. Sadly, it is something I see on a regular basis. What is worse…
Cybersecurity Legal Issues: What you really need to know (slides)
Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institue. The following are the slides…
Cover the Basics for Securing Your Network — Shawn Tuma’s Book Contribution
Shawn Tuma authored a section for an eBook published by Fortinet Security. You can read Tuma’s section, Cover the Basics, as well as download the complete eBook at this link: Cover the Basics- by Shawn E. Tuma | MightyGuides.com
You must be logged in to post a comment.