In Connecticut, if you adopt, maintain and comply with a written cybersecurity program that contains administrative, technical and physical safeguards for the protection of personal or restricted information and that conforms to an industry-recognized cybersecurity framework, then you will not be subject to punitive damages in court against any cause of action founded in
Data Processors beware.
France’s CNIL issued an enforcement action against both a data controller (150,000 EUR) and a data processor (75,000 EUR) for inadequate information security measures leading to a credential-stuffing attack.
The attackers were able to take the last name, first name, email address, DOB, loyalty card balances and orders of approximately 40,000 individuals.…
The Australian Cyber Security Centre has published a guide on identifying cyber supply chain risks in suppliers, manufacturers, distributors and retailers.
A key area flagged is foreign control, influence and interference, and the guide suggests a questionnaire for suppliers that includes the following questions:
- What access might a foreign government gain in controlling or interfering with
U.S. Rep. Bob Latta (R-Ohio), ranking member of the House Energy and Commerce Subcommittee on Communications and Technology, has re-introduced the “Safely Ensuring Lives Future Deployment and Research In Vehicle Evolution Act” or the “SELF DRIVE Act” to regulate autonomous vehicles.
The legislation includes:
- Detailed cybersecurity plan requirements
- Detailed privacy plan requirements
The National Security Administration issued a white paper on location data:
- Using a mobile device — even powering it on — exposes location data.
- Cellular providers and commercially available rogue base stations receive real-time location information.
- Location data is stored on the mobile device.
- Websites use browser fingerprinting to harvest location information, and WiFi access
New Zealand’s Government Cyber Security Centre has issued a guide on incident response, laying out key steps designed to help business leaders and cybersecurity professionals strengthen their organizations’ ability to manage and respond to cybersecurity incidents.
The guide lists five incident management steps:
- Define Roles and Responsibilities
- Identify Threats and Assets
- Have a Plan
The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) issued an advisory to hospitals and other healthcare organizations that cybercriminals are targeting them with phishing campaigns, ransomware, and other malicious acts referencing COVID-19. Cybercriminals are exploiting the fact that the healthcare sector is consumed with COVID-19 management and response to ramp up attacks, including ransomware…
CISO members of the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) published a white paper to help cybersecurity leaders in retail and hospitality prepare for compliance with the California Consumer Privacy Act (CCPA).
Key recommendations from the white paper:
- Consider contract language that prevents third parties from selling personal information sold to them unless
Privacy compliance as a competitive differentiator: 97% of 3,200 companies surveyed say they are receiving auxiliary benefits today from their data privacy investments, beyond just meeting compliance requirements.
Benefits cited include:
- greater agility and innovation
- competitive advantage versus competition
- operational efficiency
- investor appeal
- less costly data breaches
- for companies that had undergone GDPR compliance work,
2019 presents businesses with new cybersecurity and privacy challenges: rapid advances in technology, sophisticated new cyberattacks and stricter privacy regulations here and around the world, just to name a few. Businesses that fail to plan risk significant financial and reputational damage.
Those at the front of the fight, but out of the headlines, will: