Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

S.177 – Data Security and Breach Notification Act of 2015

“Data Security and Breach Notification Act of 2015 – Requires the Federal Trade Commission (FTC) to promulgate regulations requiring commercial entities, nonprofit and for-profit corporations, estates, trusts, cooperatives, and other specified entities that own or possess data containing personal information (covered entities), or that contract to have a third-party maintain or process such data for the entity, to implement information security policies and procedures for the treatment and protection of personal information. Establishes procedures to be followed in the event of an information security breach. Requires a covered entity that discovers a breach to notify the FTC (unless the covered entity has already notified a federal entity designated by the Department of Homeland Security [DHS] to receive such information) and affected individuals. Sets forth requirements concerning such notification, including methods of notification and timeliness requirements. Allows an exemption from notification requirements if such entity reasonably concludes that there is no reasonable risk of identity theft, fraud, or other unlawful conduct. Establishes a presumption that there is no such risk for encrypted data. Directs DHS to designate a federal entity that covered entities would be required to notify if a security breach involves: (1) the personal information of more than 10,000 individuals, (2) a database containing the personal information of more than 1 million individuals, (3) federal government databases, or (4) the personal information of federal employees or contractors known to be involved in national security or law enforcement.”

Proposed law would jail execs who fail to report data breaches

NACD Public Company Governance Survey – top of list is cybersecurity

“The National Association of Corporate Directors (NACD), the authority on boardroom practices representing more than 17,000 board members, today released its 2017–2018 NACD Public Company Governance Survey, an annual survey that looks through a board lens into the chief areas of concern for corporate directors. Industry disruption, business-model disruption, changing global conditions, and cybersecurity threats… Continue Reading

GAO – DOD Needs to Address Cyber Incident Training Requirements

Defense Civil Support: DOD Needs to Address Cyber Incident Training Requirements, GAO-18-47: Published: Nov 30, 2017. Publicly Released: Nov 30, 2017. “The Department of Defense (DOD) did not develop a comprehensive plan for U.S. Cyber Command (CYBERCOM); instead, the department submitted a report consisting of a collection of documents that fully addressed two of the… Continue Reading

Google Study Says Phishing Attacks Are the Biggest Threats to Web Users

DeepDotWeb: “A study by Google discovered that phishing attacks through fake emails were as effective as compared to data breaches that exposed usernames and passwords. Cyber criminals or cyber groups manage to steal over 25,000 valid sets of web credentials for Gmail accounts every week, painting a picture of the extent this problem has reached.… Continue Reading

Cybersecurity: Cybercrime and National Security Authoritative Reports and Resources

CRS Reports & Analysis – Cybersecurity: Cybercrime and National Security Authoritative Reports and Resources. November 14, 2017 (R44408): “As online attacks grow in volume and sophistication, the United States is expanding its cybersecurity efforts. Cybercriminals continue to develop new ways to ensnare victims, whereas nation-state hackers compromise companies, government agencies, and businesses to create espionage… Continue Reading

Belfer Center Cybersecurity Campaign Playbook

Belfer Center for Science and International Affairs: “People join campaigns for different reasons: electing a leader they believe in, advancing an agenda, cleaning up government, or experiencing the rush and adrenaline of campaign life. These are some of the reasons we got involved in politics. We certainly didn’t sign up because we wanted to become… Continue Reading

Trends in Technology and Digital Security

“Foreword – On September 14, 2017, the George Washington University Center for Cyber & Homeland Security (CCHS) convened a Symposium on Trends in Technology and Digital Security. Four panels addressed emerging threats and their implications for security policy, with a focus on digital infrastructure protection and anticipatory analysis. In addition, a featured speaker from abroad… Continue Reading

New Federal Data Protection Requirements Impact Higher Education Institutions

“In July 2017, Deloitte and EDUCAUSE convened an expert panel to discuss the implications for higher education institutions in protecting controlled unclassified information (CUI) received from the federal government in institutional information technology systems. Chief information officers and chief information security officers from American University, Coppin State University, George Washington University, Montgomery College, and Virginia… Continue Reading

Rising to the risk: Cybersecurity top concern of corporate counsel

“Risk management is not just a compliance exercise but an opportunity to gain a competitive advantage. More than ever, legal departments are playing a significant role in managing risk and monitoring its effectiveness, especially in the critical area of cybersecurity. Grant Thornton and Corporate Counsel magazine recently surveyed over 190 corporate general counsel to assess… Continue Reading

Equifax data breach fallout – hundreds of class action suits and SEC subpoena

Equifax faces hundreds of class-action lawsuits and an SEC subpoena over the way it handled its data breach: “Equifax, the credit reporting firm, is facing more than 240 class-action lawsuits from consumers — in addition to suits from shareholders and financial institutions — over the way it handled a massive data breach that affected 145.5 million Americans. The… Continue Reading

Department of Homeland Security 2017 Privacy Office Annual Report to Congress

“The work of the DHS Privacy Office supports all five core DHS missions articulated in the Quadrennial Homeland Security Review: (1) prevent terrorism and enhance security; (2) secure our borders; (3) enforce our immigration laws; (4) safeguard cyberspace; and (5) strengthen national preparedness, as well as the important cross-cutting goal to mature and strengthen homeland… Continue Reading

Equifax says it owns all its data about you – really!

Senate Commerce Committee Hearing – Protecting Consumers in the Era of Major Data Breaches – November 8, 2017: “…“Massive data breaches have touched the vast majority of American consumers,” said [Senator John] Thune [R- S.D.]. “When such breaches occur, urgent action is necessary to protect sensitive personal information. This hearing will give the public the… Continue Reading