HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: Security

Posted in Cybersecurity & Data Breaches

The FTC and Industry Propose Best Practices for IoT Security Updates

How do you ensure that an Internet-connected sensor or device—often inexpensive and designed for lifespans of up to 20 years or more—can be secured against not only the intrusions of today but also those of the future? This question has taken on new urgency as low-cost Internet-connected devices are increasingly being co-opted into massive networks, known as “botnets,” that are capable of causing widespread disruption.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

FTC Issues Data Security Guidance and Announces Data Security Conferences

The Federal Trade Commission has published new guidance that “summarizes lessons learned” from the FTC’s 50-plus data security settlements while also announcing a series of data security conferences. In the new guidance titled “Start With Security: A Guide for Business,” the FTC acknowledges that the data security requirements contained in the settlements apply only to the affected companies. However, the settlements—and the FTC’s distillation of them—reveal regulatory expectations and identify risks that can affect companies of all types and sizes. In this post, we summarize the FTC’s new guidance and provide details on the FTC’s data security conferences happening this fall.

Posted in Consumer Privacy

California AG Sends Enforcement Letter to Developers of Popular Mobile Apps

On Tuesday, October 30, the California Attorney General Kamala Harris announced that her office has begun “formally notifying” mobile device application (“app”) operators that they are out of compliance with the notice provisions of the California Online Privacy Protection Act of 2003 (“CalOPPA”). The letters are a reminder that app developers and their partners should review their app data privacy and security practices and ensure that any apps collecting PII comply with the CalOPPA requirements, as well as other applicable Federal and state laws.

Posted in Consumer Privacy, Cybersecurity & Data Breaches, International/EU Privacy, News & Events

Right To Be Forgotten and Data Security Featured in Research Conference on Communication, Information and Internet Policy

On September 22, scholars gathered at George Mason University to present research papers on the right to be forgotten, HTTPS security, accessing data in the cloud, and “option value” as applied to privacy choices. This blog entry summarizes the program and links to the insightful papers.

Posted in Consumer Privacy

California PUC Issues Proposed Decision on Smart Grid Privacy

On May 6, 2011, the California PUC (CPUC) issued a proposed decision by CPUC President Peevey addressing smart grid privacy and security. The proposed decision is part of a longstanding proceeding we first discussed in an earlier post. The proposed decision represents a significant step towards the first set of specific smart grid privacy rules in the United States at a time when smart grid privacy is attracting increasing global attention. For example, as discussed in the Chronicle of Data Protection post on April 18, 2011, the European Union’s Article 29 Working Party issued smart meter guidelines last month.

Posted in Cybersecurity & Data Breaches

European Network and Information Security Agency (ENISA) Issues Cloud Computing Guidance

The European Network and Information Security Agency (ENISA) has just published a paper on cloud computing, which discusses the benefits and risks of cloud computing from a security perspective. The paper also includes recommendations for improving information security in the context of cloud computing and provides a set of questions, very helpful in our view, that organizations can use to assess whether or not providers of cloud computing services are sufficiently protecting the data entrusted to them.

Posted in Cybersecurity & Data Breaches

UPS Ltd Subject of UK Data Security Enforcement

UPS Ltd has joined the ever-increasing number of companies featuring in the ‘Enforcement’ section of the UK Information Commissioner’s website, for failing to ensure the adequate security of personal data, which was held on an unencrypted laptop. Security is one of the key data protection principles set out in Schedule 1, Part 1, of the […]

Posted in Cybersecurity & Data Breaches

Possible Health Information Trend in State Data Protection Statutes

With the compliance date for the federal health data breach notifications in the HITECH Act looming, more states are amending their data breach notification statutes to cover health information. The possible trend is evident in the newly-enacted laws of three states – Missouri, New Hampshire and Texas – all of which have been enacted since June 2009.  […]