OCR Should Stick to Rule Making & Enforcement – Not Tool Making

by Mahmood Sher-jan

Nobody knows healthcare data breaches like the HHS Office for Civil Rights does—according to its second annual report to Congress, OCR received 710 reports of breaches affecting approximately 22.5 million people, from September 2009 to December 2012.


More Data Breach Enforcement Plus Changing Breach Laws Make for a Hot Summer

by Mahmood Sher-jan

Firefighters across the nation are facing unprecedented temperatures while responding to out-of-control fires that are endangering lives and destroying properties. Summer is also heating up for those of us in the security, privacy and compliance arenas.


CISA Bill Highlights Privacy vs. Security Tensions

by Doug Pollack

You have to feel for the Cyber Information Sharing Act, or CISA, the latest version of cybersecurity legislation to make news. Every time a new version of this legislation emerges—including in 2012 and again in 2013—it stirs up a hornet’s nest of privacy versus security concerns.


Financial Institutions Win the Data Breach Game with RADAR 4.0

by Mahmood Sher-jan

The great football coach Vince Lombardi said, “You don’t do things right once in a while…you do them right all the time.”

RADAR is an enterprise software solution for managing security and privacy incident response providing data breach guidance and operational workflow (to simplify compliance and reduce risks of future breaches).


Hey, You on the Phone!

by Heather Noonan

Have you noticed we don’t go anywhere without our phones? We rarely go to bed without it, we walk, run, and drive everywhere with it. It seems to be a third limb for some people. This phenomenon occurred to me about a year ago when I went outside and noticed that every person had their phone attached to them. I realized we can’t go outside, or go anywhere for that matter, without our phone, without the fear of missing something important.


Snail-Slow Security Implementation Despite Reports of Increased Risks

by Mahmood Sher-jan

If you knew thieves would break into your house, you would take immediate steps to secure it, right? That’s not the case for organizations that face security risks, according to the Ponemon Institute’s recent report, The State of Data Centric Security, that was recently covered in an SC Magazine article


Managing Risks of Any Size, For Entities of All Sizes: 2014 Cyber Liability Forum in Review

by Jeremy Henley

As usual it was great to meet up in Philadelphia for this annual conference to see old friends and make many new ones. As a long-time attendee and speaker, I can confirm that it is a good time for us to catch up on the latest and greatest in the cyber insurance space.


Florida in the Forefront: How Florida’s Data Breach Law is Paving the Way for Change

by Heather Noonan

To be honest, I am impressed with Florida’s new Information Protection Act of 2014. Also referred to as FIPA, FIPA went into effect July 1, 2014 and starts a new wave of positive, future change for Florida. 


Florida Repeals Old Law & Passes New Data Breach Law

by Mahmood Sher-jan

States typically amend their breach notification laws, but Florida repealed its law and passed a more comprehensive law. With the newly signed Florida Information Protection Act of 2014, which will take effect on July 1, 2014, Florida joins the ranks of states that require businesses to safeguard individuals’ health information by extending its definition of personal information (PI) to any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; health insurance policy number or subscriber identification number; and any unique identifier used by a health insurer to identify the individual.


How “Near Misses” Can Inform your Security Strategy and Reduce Data Breach Risk

by Doug Pollack

Organizations across industries are facing increased public attention and regulatory scrutiny in light of high-profile data breach incidents. While the Targets of the world get more publicity than they’d ever hoped for, what lies beneath all of this is that for every one very public Target security incident, there are hundreds, if not thousands, of security incidents involving regulated data (specifically personal information) that are “near misses”: the ones that happened but, due to good fortune or effective efforts, did not result in an incident that is categorized as a “data breach”, which then requires a public disclosure for all to see.
