Goldberg Segalla, Author at Data Privacy and Security™

November 14, 2018 Cyber Attacks

Lawyers Still Lag in Information Security Risk Management

The frequency and scope of data breaches are growing every day. Hackers have set their sights on law firms because of the treasure trove of valuable data they hold. News of cyberattacks against the legal community has been splashed across the covers of business publications and warned about by professional organizations for a number of years, so this isn’t anything new. What is astonishing, however, is that law firms are still lagging behind with respect to insurance coverage for cyber risks and the implementation of… Continue Reading

In Line with GDPR, Canada Amends its Privacy Protection Regulation to Include Stringent and Mandatory Breach Notification Rules

On November 1, 2018, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) was amended to include stringent, mandatory breach notification rules. These rules are similar to the European Union’s General Data Protection Regulation (GDPR), which took effect in May, 2018. Organizations that conduct business in Canada will be subject to PIPEDA as well as the GDPR, if that organization is accessible in the European market. The new PIPEDA regulations reinforce the image of Canada as an international leader in personal data protection… Continue Reading

October 30, 2018 Cybersecurity

3D Printing: A Cybersecurity Concern

Additive manufacturing, more commonly known as 3D printing, is a process of making three-dimensional solid objects from a digital model. Additive manufacturing is already used in a number of critical fields, such as medicine, aerospace, civil engineering, and industrial manufacturing. 3D printers are often internet-connected, and increasingly open-sourced. And because of that, you can virtually 3d print pretty much anything through a 3d printing service. Confidentiality and privacy concerns are the most direct consequence of a data breach involving a 3D printer. This could… Continue Reading

October 24, 2018 Data Privacy

Data Privacy Goes [Back] to Washington

One of most interesting parts of the “Framework to Advance Interoperable Rules (FAIR) on Privacy” released on October 22, 2018 by the Information Technology Industry Council, a lobbying group representing Adobe, Amazon, Apple, Facebook, Google, Microsoft, Twitter, Visa and many others, may be the admission that the fundamental privacy principles intended to inform the development of future legislation were designed some 45 years ago in Washington D.C. by the United States Department of Health, Education and Welfare. In July 1973, the United States Department of… Continue Reading

October 10, 2018 Cyber Breach / Cybersecurity / Data Privacy

Long-struggling ‘Google Plus’ Social Network to be Shutdown after Security Breach Affects 500,000

On Monday, October 8, 2018 Google disclosed a security breach it discovered months ago that put at risk the personal data of hundreds of thousands of Google Plus users. In March, Google discovered, and fixed, the bug that allowed outside software developers to gain access to personal information on Google Plus users, including names, email addresses, ages, occupations and relationship status. The company’s decision to not immediately report the software bug has some concerned that Google cannot be relied on to protect privacy. Google… Continue Reading

October 3, 2018 Class Action / Cyber Breach / Cybersecurity / Data Privacy

SEC’s First Cybersecurity Enforcement Has Many Lessons

The Securities and Exchange Commission recently announced its first ever cyber-related enforcement action in a case that all companies should look at as a refresher on cybersecurity hygiene. In the Matter of Voya Financial Advisors, Inc. was brought against the publicly traded company that manages over $500 billion after a security breach through several of its brokers acting as independent contractors for the company. These brokers typically accessed Voya clients’ PII through a password protected web portal while using their own IT equipment and networks.… Continue Reading

October 2, 2018 Cyber Attacks / Cyber Breach

Security Breach Compromises 50 Million Facebook Accounts

In the wake of concerns that the social media giant collects too much personal data, Facebook, Inc. discovered a security breach on September 25, 2018 that affected almost 50 million accounts. Recent privacy regulations, including those recently enacted in the European Union, may have forced Facebook into promptly reporting the breach just three days after it was discovered. Based on the breaking-news reports, the FBI is working with Facebook to investigate the breach to determine the extent of the breach, what information was accessed, whether… Continue Reading

September 25, 2018 Cyber Risk / Cybersecurity / Legislation

Congress Continues to Grapple with Election Interference

The Secure Elections Act may be back on the table once again. The bipartisan bill was introduced “to protect the administration of Federal elections against cybersecurity Threats.” In large part, the bill was intended to combat concerns that Russia and other state and private actors could exploit vulnerabilities in backend election systems, including voter registration databases, ballot creation systems, election voting services, voting machine configuration systems, absentee processing and reporting and tabulation software. The bill’s sponsors hope to pass a version of the… Continue Reading

September 19, 2018 Cyber Risk / Regulation

GAO Report on Cybersecurity Provides Useful Strategies for Federal Agencies and Private Industry

The Government Accountability Office (GAO) recently published another report in its High-Risk Series detailing the major cybersecurity challenges facing the federal government and outlines key strategic elements to address those challenges. While the report focuses on issues pertaining to federal agencies, several of the observations, and recommendations are also applicable to private businesses. To start, the report details five key elements that are needed to make progress in addressing cyber threats: 1) Leadership Commitment; 2) Capacity; 3) Action Plan; 4) Monitoring; and 5) Demonstrated Progress.… Continue Reading

September 13, 2018 Regulation

The FTC Gang’s All Here, Part III

As we noted in a previous post, the United States Senate has confirmed five new commissioners, bringing a full complement to the Federal Trade Commission (FTC). Four of those commissioners have taken their seats, with the fifth likely to join in the Fall. Here we will provide the biographies of the last two commissioners (based on seniority). We have already discussed the other three new commissioners. Commissioner Rebecca Kelly Slaughter – Commissioner Slaughter was sworn in in May 2018. She comes to the… Continue Reading