In the wake of the Equifax and Securities and Exchange Commission's data breach disclosures, there has been a lot of public outcry over the assertion that it took too long to disclose these data breaches to the public. "Too long" is a relative term, to start with, as I have little doubt that some people will [...]
Delaware recently amended its data breach notification law to include the following requirements:Expanded definition of "personal information" to include biometric data, medical information, passport numbers, routing numbers for accounts, individual taxpayer identification numbers and usernames in addition to the traditional forms of PII such as birth date and social security numbers.Notice to affected individuals within [...]
What are the pros and cons of a national breach notification law? What are the questions that need to be asked to facilitate this discussion? What are the critical points that need to be made?
Insider misuse triggers a breach just like outside hackers. When a company’s information is compromised because of insider misuse of computers or information, regardless of insider’s intentions, the result for the company and the data subjects of that information is often the same as if it were an attack by an outside adversary – it [...]
There is a grave and unfortunate misperception among many business leaders who believe that when their company has had a data breach, going through a response and notification of affected individuals is optional. To the educated readers of this blog, this sounds shocking. Sadly, it is something I see on a regular basis. What is worse [...]