Thank you, Jamie Sorley! I have a few sayings about cybersecurity and data privacy but one of my favorites is “data is the hot potato!” When doing presentations, I love to have the attendees chant over and over in unison, “Data is the hot potato! Data is the hot potato! Data is the hot potato!”…
Tag: FTC
Helpful FTC Guidance on Cybersecurity for Small and Midsize Companies
It is important for all companies — especially small and midsize companies — to have a basic understanding of what the FTC considers to be reasonable cybersecurity. The FTC is known for being one of the more aggressive regulators that are investigating and enforcing (what it views as) inadequate cybersecurity by companies doing business in the United States….
Please share this!
Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs
The FTC and Uber have settled the enforcement action the FTC brought against the company. This action stems from Uber’s data breach of more than 100,000 individuals’ PII despite its promises that their data was “securely stored within our databases.” The FTC found this promise was misleading when compared with the actions the company was…
Please share this!
Ashley Madison & FTC Settle Data Breach Case – Does Your Company Have These Cybersecurity Shortcomings?
Ashley Madison and the FTC announced a settlement of the investigation into the breach data breach of 36 million AshleyMadison.com users that was being pursued by the FTC and several states’ attorneys general. The cost to Ashley Madison is substantial: a total judgment of $17.5 million (though only $1.6 million is currently due because of…
Please share this!
Cybersecurity Legal Issues: What you really need to know (slides)
Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What you really need to know at a Cybersecurity Summit sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies’ Institute for Homeland Security, Cybercrime and International Criminal Justice. The presentation was on September 13, 2016 at the George Bush Institue. The following are the slides…
Please share this!
Cybersecurity Legal Year in Review – #DtSR Podcast
Do not miss this podcast discussing key cybersecurity legal events from 2015. Shawn Tuma joined the DtSR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] on the Down the Security Rabbit Hole podcast. In this episode… Most important cybersecurity-related legal developments of 2015 Tectonic Shift that occurred with “standing” in consumer data…
Please share this!
Wyndham and FTC settle data breach dispute — Wyndham got 20 years
On December 9, 2015, the FTC announced that it and Wyndham Hotels had settled their long-running dispute that led to an opinion from the Third Circuit Court of Appeals confirming the FTC’s authority to regulate cybersecurity. The gist of the settlement is that, for the next 20 years, Wyndham must do the following: obtain annual…
Please share this!
FTC v. LabMD: I always give ’em a fair trial before I hang ’em.
The legal findings in FTC v. LabMD. LabMD was vindicated by the November 15, 2015 Initial Decision in FTC v. LabMD (the Decision). In the Decision, the Chief Administrative Law Judge (ALJ) ordered the FTC to dismiss its Complaint against LabMD based on the following findings as to LabMD’s 2008 “data breach”: There was “no evidence that…
Please share this!
FTC v. Wyndham Worldwide Solidifies the FTC’s Role in Regulating Cybersecurity
The FTC has authority to regulate cybersecurity under the unfairness prong of § 45(a) of the Federal Trade Commission Act and companies have fair notice that their specific cybersecurity practices could fall short of that provision. F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3rd Cir. Aug. 24, 2015). Here are a few key points…
Please share this!
FTC Gives Good Reason to Not (Try to) Hide Data Breaches
Why do I need to report a data breach? This is a common question that business owners ask me all of the time. In response, I rattle off a laundry list of reasons why reporting is not optional — but mandatory. This includes ethical stewardship and obligations, business and public relationship reasons, and finally legal…
You must be logged in to post a comment.