In the age of digitization, personal information your business holds about your customers (or your customers’ customers) has become a strategic enterprise asset and should be treated as such.

Privacy considerations should be incorporated into your go-to-market strategies.

Gartner with some tips:

  • Customer-facing policies and communications should clearly explain what information is collected and why,

Shata Stucky writes:

Username and password login fields, online securityThe United States National Institute for Standards and Technology (NIST) has issued new guidelines for creating secure passwords.  NIST guidelines, which are directed to “federal government systems,” often become best practice recommendations across the security industry.

The new guidelines are a significant break from previous rules.  Security experts previously recommended frequent password

Businesses that relied previously on the EU’s Safe Harbor exception to transfer data from Israel to the United States have had that authorization revoked by the Israeli Law, Information and Technology Authority (ILITA).

It’s part of the ongoing ripple effect caused by the invalidation of Safe Harbor.

Now that Safe Harbor is off the table,

This blog post is the sixth and final entry of a six-part series discussing the best practices relating to cyber security. The previous post discussed the individuals and organizations that should be notified once a cyberattack occurs. This post will focus on what a business should not do after a cyberattack. Key points include (1) not using the network, (2) not sharing information with unconfirmed parties, and (3) not attempting to retaliate against a different network.
Continue Reading

This blog post is the third installment of a seven-part series discussing the best practices relating to cyber security. The first two blog posts discussed the best practices for preparing a business in case of a cyberattack. This post will discuss the initial steps that a business should take after a cyberattack occurs.
Continue Reading

In response to a data breach in 2014, employees of University of Pittsburgh Medical Center filed a two-count class action complaint against UPMC for (1) negligence and (2) breach of an implied contract for failing to protect their personal data. The employee plaintiffs alleged that their Social Security numbers, names, addresses, birthdates, W2 information and

The Security and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) recently released an initial summary of its findings from its 2014 OCIE Cybersecurity Initiative.  The OCIE examined 57 registered broker-dealers and 49 registered investment advisers to better understand how broker-dealers and advisers address the legal, regulatory, and compliance issues associated with cybersecurity.

Officials from both the Federal Trade Commission (FTC) and European Union (EU) recently called for enhancements to the Obama administration’s proposed Consumer Privacy Bill of Rights.

The White House’s proposed Consumer Privacy Bill of Rights seeks to provide “a baseline of clear protections for consumers and greater certainty for companies.”  The guiding principles of

New Jersey Governor Chris Christie signed a bill (S.562) into law on January 9, 2015 that will impose a standard more stringent than HIPAA on health insurance carriers authorized (i.e., licensed) to issue health benefits plans in New Jersey.  Effective August 1, 2015, such carriers will be required to secure computerized records that include certain

On December 31, 2014, the Federal Trade Commission announced that it approved a final order settling charges against Snapchat.

In its complaint, the FTC charged Snapchat with deceiving consumers over the amount of personal data that it collected and the security measures in place to protect the data from disclosure and misuse.

The settlement order