We’ve discussed the importance of privacy assessments here in the past. It is a frustrating realization, indeed, when a company discovers a data breach involving data that it never needed or even knew it kept. A proactive company-wide privacy...
SEC Says No More Mr. Nice Guy on Investment Adviser Cybersecurity
Over the last couple years, the SEC’s cybersecurity bark has been worse than its bite. Its Office of Compliance, Inspections, and Examinations issued examination priorities in 2014. Commissioner Aguilar warned public company boards that they had...
The SEC's Investment Management Division Has Some Things to Tell You about Cybersecurity
Ed. Note: This entry is cross-posted from Cady Bar the Door, David Smyth's blog offering Insight & Commentary on SEC Enforcement Actions and White Collar Crime. Lots of agencies and organizations want to boss you around about cybersecurity. In...
FIN4 May Have Embarked on a Risky Hacking/Insider Trading Strategy
I haven’t yet turned to a life of crime, so far be it from me to criticize actual criminals’ profit-maximizing strategies. It’s easy for me to nitpick, but I’m not the one strapping on my mask and trying to earn a (dis)honest dollar every day. But...
FCC Stakes Out Privacy Territory in Broadband Privacy Workshop
If you thought all the action in privacy regulation centered around the Federal Trade Commission, the Federal Communications Commission would like you to think again. Yesterday, April 28, the FCC held a 3-plus hour workshop that started the...
Physician Practices Be Alert: You Might Be Violating HIPAA If You Produce Medical Records In Response To State Court Subpoenas
Over the past months, my experiences with physician practices have made me realize that many practices do not understand how HIPAA applies to subpoenas for medical records. More worrisome, I suspect that many practices nationwide routinely violate...
BYOD: Five Things To Consider When Creating Your Policy
“BYOD” or “bring your own device” (also known as the “consumerization of IT”) is a fact of life in today’s workplace. BYOD refers to the practice of using personally owned devices—like smartphones, tablets, and laptops—for work purposes and allowing...
You are What You Keep
Suffering a data breach is bad enough. As often as it appears to happen, companies that are affected by a breach still shoulder a considerable burden. Management must stop the trains to identify the cause and scope of the breach—and then prepare for...