Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs

The FTC and Uber have settled the enforcement action the FTC brought against the company. This action stems from Uber's data breach of more than 100,000 individuals' PII despite its promises that their data was "securely stored within our databases." The FTC found this promise was misleading when compared with the actions the company was [...]

Invitation for 2 Webinars: Protecting Data Exchanged in Discovery and Securing IoT Data

I thought you may like an invitation to attend two complimentary webinars that I will be doing this coming week: YOURS, MINE, OURS: Protecting the Data Gathered and Exchanged in Litigation, Association of Certified E-Discovery Specialists (ACEDS) Monday, August 7, 2017 @ 12:00 CDT LINK for more information FULL VIDEO (see below) Securing IoT Data: Compliance, [...]

Does the U.S. Need a Data Protection Authority? (a few of my thoughts)

I had a wonderful discussion about privacy in the US vis-a-vis privacy in the EU with Katherine Teitler (@katherinert15) in connection with her MIS Training Institute article Does the U.S. Need a Data Protection Authority? As with most things, I do not propose to have all of the answers. In fact, in our hour or [...]

Are Smaller Healthcare Practices Required to Report a Ransomware or Potential Data Breach?

Does the HIPAA Breach Notification Rule apply to all Covered Entities and Business Associates, Even Smaller Ones? To many of you reading this post this question seems ridiculous. You know the answer. However, I get asked this question so frequently that I decided to answer it with a blog post to save time next time [...]