Monthly Archives: October 2015

New Issue: Data Security. Insurance. Indemnification. 3rd Party Contractors.

Indemnification Clauses in Insurance Cybersecurity policies should do 3 things:

  • Be clear which entities are covered, none of this any and all other related entities mumbo jumbo
  • Explicitly state details like whether “indemnity for third parties extends beyond the policy’s expiration date”
  • Be flexible to constantly evolving laws and case law

Business Insurance | Precise policy language needed to cover affiliated businesses

Campaigns. Low Data Security. Liability Risk. 3 Reasons Why.

  • Campaigns have no legal obligation to protect personal information data that they gather.
  • Campaigns have a trove of information from credit cards, answers to personal profile questions, and personal identification
  • Its unclear which agency would regulate and enforce campaign data security

The Hill  How presidential campaigns could be putting your data at risk

76% of IT Decision Makers would Move Data Centers out of the US over Privacy.

Who was surveyed? 1000 IT decision makers across the UK and US

What did 76% say? 76% would “move their organization’s data to another country as a result of privacy concerns”

The privacy concern of businss: government snooping

How do the CEOs feel? 29% have moved data security to the top of the corporate agenda

Where are they moving their data storage? To Switzerland and Canada

The Data Center Journal | Information Exodus: 76% of IT Decision Makers Would Move Their Data to…

3 Recommendations to Minimize Liability in Outsourced Data Security. Hello Vendors.

  • “include specific data security procedure obligations in contracts with vendors

  • verify a vendor’s capacity to adhere to the prescribed data security procedures

  • look at data security practices from an expert’s perspective to determine whether such practices are reasonable”

National Law Review | Piercing Outsourcing Veil: FTC Says Data Security Obligations Remain 

U.S. Chamber on Data Security. 3 Points.

  • A patchwork of state laws is hard on business
  • Requires a single regulatory agency
    • Currently the FTC, FCC & state agency wrangle over regulatory authority
  • Clear legal standards on what constitute harm from a data breach

U.S. Chamber Institute for Legal Reform | A Perilous Patchwork: Data Privacy and Civil Liability in the Era of the Data Breach

Lege Trend: Data Security Bill Passes over Tech Objections. 3 Pros. 3 Opposition Points.

The U.S. Senate passed Cybersecurity Information Sharing Act on a vote of 74-21 this week.

Tech Companies continue their opposition. The main bones of contention:

  • Mechanism for sharing of cyber-threat information does not sufficiently protect users’ privacy ”  (Computer & Communications Industry Assoc.)
  • “[ Does not ] appropriately limit the permissible uses of information shared within the government” (Computer & Communications Industry Assoc.)
  • “Privacy-shredding” bill “in…

Federal Cyber Security Bill. 3 Points to Know Now. Which Businesses are on which side?

  • The Cybersecurity Information Sharing Act passed the U.S. Senate on Thursday, October 22nd.
  • Major Tech companies (Apple, DropBox) are opposed
  • National Retail Federation support amendment to CISA that offer liability protection for business that share threat data with the FBI and Secret Service, and not just the Department of Homeland Security.

Washington Post | Cybersecurity bill advances in Senate, but hurdles remain

National Retail Federation | Borad based Coalition Supports Cotton…

Regulatory Trend: Cybersecurity & Connected Cars. (Wifi Cars, not Trains)

What agency is talking cybersecurity & cars? The FTC

What committee heard from the FTC? Subcommittee on Commerce, Manufacturing and Trade of the House Energy and Commerce Committee

What did the FTC testify to?

  • FTC is the “the nation’s lead privacy and data security enforcement agency”
  • Proposed legislation is weaker than the FTC rulemaking on “connected cars”
  • Proposed safe harbor for auto manufacturers that submit privacy policies to the Department of Transportation was too…

5 Ways Federal CyberSecurity Bill will Impact Health Care

  • It will “create a framework that would allow different healthcare entities to exchange information regarding cybersecurity”
  • Allow for the exchange of  various potential threats
  • Allow health care entities to share best practice security measures
  • Cybersecurity bill would make the health care cybersecurity netowrk available to both private and federal healthcare entities
  • Healthcare Information and Management Systems Society supports the bill

Health IT Security | Senate Pursues…

East Coast State Has Potential Medicaid Data Breach

What happened and where? North Carolina Health Department announced a possible Medicaid data breach.

What personal data was included? confidential health information of 1,615 Medicaid patients. Only 2 Social Security Numbers were included, as most patients used Medicaid ID numbers. No birth dates were included.
 

How did it occur? a state employee sent unencrypted data to a local health agency

 

 

WRAL | DHHS reveals potential Medicaid data breach