National data breach notification law pros and cons? What do you think?

What are the pros and cons of a national breach notification law? What are the questions that need to be asked to facilitate this discussion? What are the critical points that need to be made?

Are Smaller Healthcare Practices Required to Report a Ransomware or Potential Data Breach?

Does the HIPAA Breach Notification Rule apply to all Covered Entities and Business Associates, even smaller ones? To many of you reading this post, this question seems ridiculous. You know the answer. However, I get asked this question so frequently that I decided to answer it with a blog post to save time next time [...]

Insider Misuse of Computers: No Big Deal? It Can Be a Data Breach, Ask Boeing

Insider misuse triggers a breach just like outside hackers. When a company’s information is compromised because of insider misuse of computers or information, regardless of the insider’s intentions, the result for the company and the data subjects of that information is often the same as if it were an attack by an outside adversary – it [...]

WikiLeaks and CIA’s Russian Hacking Tools & Techniques: Was it really the Russians?

In the wake of WikiLeaks' Vault7 release of documents revealing the CIA's hacking tools, I must revisit a key section of a post from September 2016. The section was about the convenience of blaming "the Russians" given the craze of attributing everything wrong in the cyber world to the seemingly omnipresent "Russians." See: “SHAME HACKING” [...]

Verizon Requires $350 Million Discount and Yahoo Share in Data Breach Liability — Good Deal?

UPDATE: Yahoo Shareholders Sue Over Massive Data Breaches (Law 360 paywall). Verizon and Yahoo have renegotiated their deal in the wake of Yahoo's revelations of its past data breaches. Verizon had agreed to pay $4.8 billion for Yahoo's Internet business in July 2016, but that was before Yahoo disclosed that it had two of the largest data [...]