Privacy Regulation

National data breach notification bill passed in U.S. House

Angela Moscaritolo December 10, 2009

The Data Accountability and Trust Act would require any organization that experiences a breach of electronic data containing personal information to notify all affected U.S. residents.
 

Mass. data law finalized

Dan Kaplan November 06, 2009

The Massachusetts Office of Consumer Affairs and Business Regulation this week filed a finalized version of its data security regulations, scheduled to take effect March 1, 2010. The requirements must be followed by companies handling the personal data of Bay State residents. The final version clarifies the deadline by which companies must impose the provisions on their third-party providers. Existing contracts with these third parties must include safeguard rules by March 1, 2012, but new or updated contracts must meet the March 1, 2010 deadline. -- DK
 

House panel OKs law addressing cyberstandards

Angela Moscaritolo November 05, 2009

A draft bill approved Wednesday by a U.S. House subcommittee would require the National Institute of Standards and Technology to coordinate government in the development of cybersecurity standards, a move to make the creation process more streamlined.
 

Survey finds lax health care privacy in United States

Chuck Miller October 20, 2009

Despite regulations mandating protection of health care records, more than half of American hospitals fail to take appropriate steps to safeguard the privacy of patients, according to a new survey of health care IT security professionals.
 

Schwarzenegger negs update to California breach law

Dan Kaplan October 15, 2009

In an apparent surprise move, Gov. Arnold Schwarzenegger rebuffed a bill that would have updated the 2003 landmark California data breach notification law.
 

Bill to bolster California breach law awaits governor

Dan Kaplan September 11, 2009

California Sen. Joe Simitian is close to seeing another of his privacy bills get signed into law -- this one requiring that data breach notification letters contain more details.
 

Group urges Congress to pass privacy laws

Chuck Miller September 02, 2009

Lawmakers expect to consider privacy laws when they return from summer recess.
 

Mass. data law revised

Dan Kaplan August 24, 2009

The deadline to comply with Massachusetts' new data security regulations -- considered among the strictest in the nation -- has been extended three months, until March 1, 2010, the state announced last week. The provisions also were updated to reflect a risk-based approach for developing a written information security policy, a move meant to assuage small businesses that have expressed concern over meeting the demands. The new language dictates that in implementing safeguards, organizations should take into account their size, the types of records they maintain and the ID theft threat they pose. — DK
 

Top websites using Flash cookies to track user behavior

Angela Moscaritolo August 11, 2009

Little-known Adobe Flash cookies are being used by some websites to get around users' attempts to avoid being tracked by advertising networks, according to research from University of California, Berkeley.
 

Leahy, for third time, submits federal data security law

Dan Kaplan July 24, 2009

A Vermont senator is trying again with a law that would, among other things, standardize requirements on data breach notification.
 

Health care organizations unprepared for digital transition

Angela Moscaritolo July 22, 2009

Most health care organizations do not have data loss prevention technologies or a CISO, while, for many, tight security budgets and required third-party interactions pose additional challenges, according to a new study by Deloitte.
 

Facebook bloggers reveal way to peek at private profiles

Dan Kaplan June 22, 2009

Another day, another social-networking threat -- this one involving the potential of information disclosure on Facebook.
 

PCI-DSS: Not on health care provider's radar

Jim Lacy, CFO, ZirMed June 19, 2009

In 2009, virtually all health care providers take credit cards - and virtually none of them are PCI compliant.
 

Google's new Chrome browser comes with privacy option

Chuck Miller May 22, 2009

Google has introduced its latest version of Chrome, and claims to have enhanced speed and privacy features.
 

PCI DSS compliance: You can't just check the boxes

Brian Eberhardy, senior consulting engineer for SenSage May 01, 2009

Recent breaches at organizations that were certified as PCI DSS compliant continue to prove that compliance doesn't completely eliminate the risk of a data breach.
 

California breach law rises

Dan Kaplan April 28, 2009

The California State Senate has passed a law, SB-20, that would require breached organizations to provide victims with additional information. The legislation would mandate that companies tell customers what type of personal information was breached and when the breach occurred. Currently, the state's pioneering SB-1386 law requires the breached entity to only say that a compromise occurred. The new bill, introduced by state Democrat Sen. Joe Simitian, who also sponsored SB-1386, is now up for approval in the state Assembly. — DK
 

RSA: National consumer privacy and security law needed

Angela Moscaritolo April 23, 2009

The question of whether the United States needs a national consumer data privacy and security law was met with a resounding "yes" from panelists on Wednesday at the RSA Conference.
 

RSA: The fundamental challenge of security versus privacy

Angela Moscaritolo April 22, 2009

A fundamental tension exists in balancing individual privacy rights and the collective right to security, Gary McGraw, CTO of application security vendor Cigital said at the RSA Conference Tuesday.
 

Cyber assurance needs teeth

Greg Hoglund, CEO, HBGary April 15, 2009

The Obama administration needs to take firm action now to give organizations the tools to fight cyberthreats.
 

Survey: Financial crisis fuels identity theft fears

Chuck Miller April 06, 2009

Most Americans believe the world financial crisis has increased their risk of identity theft or related crimes.
 

White House expected to lead cybersecurity efforts

Dan Kaplan March 26, 2009

The White House likely will take the lead role in federal cybersecurity coordination once a 60-day review is completed.
 

Privacy group urges FTC to investigate Google's cloud services

Angela Moscaritolo March 18, 2009

The Electronic Privacy Information Center, a privacy advocacy group, filed a complaint with the Federal Trade Commission on Tuesday urging an investigation of Google's cloud computing services to determine the adequacy of its privacy and security safeguards.
 

Behavioral advertising bill being drafted

Angela Moscaritolo March 16, 2009

Three U.S. congressmen are drafting a bill that would require companies to disclose to users that their internet activity is being tracked for behavioral advertising purposes.
 

Google's interest-based advertising sparks privacy debate

Angela Moscaritolo March 12, 2009

Google on Wednesday launched an "interest-based" advertising service, sparking a larger discussion among privacy-advocacy groups over data collection concerns.
 

Senatorial campaign data breach documents leaked

Chuck Miller March 11, 2009

The campaign of Norm Coleman, the Minnesota Republican senator locked in a vicious recount battle to retain his seat, told political donors on Wednesday that they should cancel their credit cards after financial information of contributors was posted online.
 

P2P legislation would build security awareness among users

Dan Kaplan March 09, 2009

Peer-to-peer security awareness is back on Congress' agenda with the introduction of legislation that would require notice and consent when installing the software.
 

Group unveils first-of-its-kind standard to secure patient data

Dan Kaplan March 02, 2009

An unprecedented health care common security framework seeks to raise patient trust, while enabling organizations to more effectively meet compliance mandates -- especially as they move toward electronic records.
 

Report: Privacy issues plague cloud computing

Angela Moscaritolo February 24, 2009

Before turning to cloud computing applications to conduct business, enterprise executives should think twice about the potential for exposure of corporate secrets or legal liabilities, according to a new World Privacy Forum report.
 

Data protection lawyer appointed to lead DHS privacy efforts

Dan Kaplan February 19, 2009

A lawyer specializing in data security has been appointed chief privacy officer at the U.S. Department of Homeland Security.
 

Protest by Facebook users alters use policy

Greg Masters February 18, 2009

A slight change made last month in Facebook's terms of service contract ignited a firestorm from users when the implications were digested.