December 2016 – InfoHive

Data Breach Legislation & Regs. Carrot & the Stick. The Stats & The Regs.

What do you need to know about data breaches?

93% could have been prevented according to the Internet Society Study
breaches cost the US $500 billion per year

The carrot & the stick:

Increase the accountability of entities that hold data
By requiring the entities to shoulder more of the cost of a breach
Allow these entities to offer “credible security signals to the market” to provide a benefit to the entity

Tech Crunch | The carrot and stick of data breaches

Student Records Data Breach Prompts Legislation in Old Line State

The state: Maryland

The data breach: Student records, including names, brthdates and Social Security numbers in Frederick County Public Schools

Why legislation was triggered?

A state senator didn’t think he was getting enough answers from education officials
An April 2015 audit called for increased data security measures for student data

The legislative proposal:

Requiring up to 5 years of identity and credit monitoring for data breach victims
Not require schools to transfer…

AMA. 8 Principles for Mobile Health Data Protection. The Key: State laws & regulations.

Support the establishment or continuation of a valid patient-physician relationship;
Have a clinical evidence base to support their use in order to ensure mHealth app safety and effectiveness;
Follow evidence-based practice guidelines, to the degree they are available, to ensure patient safety, quality of care and positive health outcomes;
Support care delivery that is patient-centered, promotes care coordination and facilitates team-based communication;
Support data portability and…

Legislating. Regulating. Information the Vehicles Store.

On the horizon is rulemaking to make cars talk to each other. Cars will transfer information about how the car is moving and where it is, that gives rise to these legislative and regulatory questions?

Can the data stored or transmitted by cars be used in tort litigation?
Can the data stored or transmitted by cars be used in any litigation?
Do data breach standards apply of this information is hacked?

The future is here. U.S. Department of Transportation is proposing new rules to require…

1 Byte. Why Data Security Extends Beyond Computers.

The U.S. Air Force forewarns that data security is more than computers. Its networked mechanics and platforms.

There’s even handy jargon sure to catch on- operationalize cyber security.

Sound familiar? Sounds likeutilize medical equipment that transmits information, or dolls that contain information about children, or your Fitbit.

Defense Systems | Air Force: Cyber security extends beyond IT

Growth of the Cyber Security Insurance Market in 2016. The Numbers:

60+ carriers offer stand-alone cyber insurance policies
$3.25 billion in gross written premiums
growth potential to $7.5 billion
Cyber security breaches are the 3rd highest global business risk
$7 million is the average cost of a breach

Insurance Information Institute | U.S. Cyber Insurance Market Grows Amid Data Breach Concerns

3 Ways State Attorney Generals Play a Role in State Data Security Legislation

23 of the 47 states that have data breach laws require the state Attorney General to be notified
State Attorney Generals litigate data breaches
- in Texas, the Attorney General reached a settlement with Paypal app, Venmo, for $175,000 requiring the company to “improve disclosures regarding security and privacy”
many state Attorney Generals set policy like hio Attorney General who launched, CyberOhio

Lexology | McGuirre Woods | In Data Privacy, Don’t Forget the State Attorneys General

Government Data Security Quagmire: Secret Data Lines

What to do when retired Lt. Gen. Michael Flynn is reported to have installed secret data lines in his Pentagon office?

If you’re a U.S. Senator you request a denial of security clearance.

U.S. Senator Shaheen | Shaheen, Blumenthal Call on Top Intelligence Officials to Review Security Clearance Given to Lt. Gen. Michael Flynn

The Data Security Concerns of the 99.7%.

Internal data security threats top all but 0.3% of cyber security concerns.

What are examples of internal data security threats?

malware being installed by workers
stolen or compromised credentials
stolen data
abuse of administrative privileges

SC Media | Everyone is worried about internal cybersecurity threats, report

Data Security Hits Federal Procurement Standards. Read the Tea Leaves for the States.

To meet federal data security requirements in contracts, GSA added Adobe’s data-centric security and electronic signature solutions to GSA’s IT Schedule 70.

The key facts from GSA:

Increased acquisition efficiency for data security and electronic signatures.
Over $350 million in potential cost savings for the American taxpayer.
Agencies will be afforded tiered discounts by leveraging the buying power of the federal government.
Reduced contract duplication and administrative cost with…