ACI-001 Online Ad Campaign r7_response 728x90
CS15_300x250_Banner_FINAL

Certification_CIPT_300x250final-01

(Apr 21, 2015) Last week, the Pew Research Center released a report on “Why some Americans have not changed their privacy and security behaviors.” Of the nearly 500 adults surveyed, more than half said they thought it would be “somewhat difficult” or “very difficult” to find tools to help protect their privacy while online. Yet, another recent Pew report found that an astounding 91 percent said they believe consumers have lost control of how their personal data is collected and used by companies. In this post for Privacy Tech, Jedidiah Bracy, CIPP/E, CIPP/US, argues that this is more significant evidence that privacy engineers are needed to design and implement privacy-preserving tools within products and services by default. Read More

Daily Dashboard

Video: Dara Murphy on Ireland’s Lead DPA Role

(Apr 21, 2015) Irish Minister of State for Data Protection Dara Murphy addressed the IAPP Europe Data Protection Intensive in London, UK, last week, focusing on Ireland's role as the lead data protection authority to many of the world's largest digital companies and arguing against protectionism in the EU's data protection and digital policies. Will Ireland be able to staff an office capable of regulating the behemoths of the Internet Age? Murphy said it's his job to find a way. Hear his rationale in this exclusive IAPP video. Read More

Daily Dashboard

Research Unveils HTTPS-Crippling Bug

(Apr 21, 2015) Ars Technica reports approximately 1,500 iPhone and iPad apps include a bug that makes HTTPS encryption vulnerable, providing a way for adversaries to obtain encrypted passwords, bank account numbers and other sensitive information. The bug was uncovered by researchers last month and stems from a legacy version of an open-sourced code library called AFNetworking. The library allows developers to drop networking capabilities directly into their apps. AFNetworking has provided a patch, but not all... Read More

Daily Dashboard

NAIC Outlines Principles for Insurers, Producers

(Apr 21, 2015) Cybersecurity regulations that govern “insurance companies and producers need to be ‘scalable, practical and consistent’ with rules enforced in other industries,” Insurance Business America reports, citing guidelines issued by the National Association of Insurance Commissioners (NAIC). On Friday, the NAIC released a dozen principles “it says will ‘serve as the foundation’ for any insurance regulation aimed at protecting sensitive customer information kept by insurers and producers,” the report states. The principles call for flexibility in rules and guidance from regulators and ask that guidance “consider the resources of the insurer or insurance producers.” Read More

Daily Dashboard

HSBC Notifies Customers of Breach

(Apr 21, 2015) HSBC Finance Corp. has alerted its mortgage customers of a data breach that occurred at the end of last year and early this year, The Hill reports. The breach “revealed the personal information of some individuals,” the report states, and affected 10 HSBC Finance subsidiaries with customers in at least four states. HSBC began sending letters to customers earlier this month after officials discovered the breach on March 27. HSBC is offering one year of free credit monitoring and identity protection services, the report states. “We are conducting a thorough review of the potentially affected records and have implemented additional security measures designed to prevent a recurrence of such an incident,” HSBC’s letter to New Hampshire customers stated. Read More

Daily Dashboard

On the Need for Better Data Visualization Tools

(Apr 21, 2015) Corporate networks are getting more complex, making it more difficult for security professionals to defend them against cyberattacks, The Wall Street Journal reports, and increasing the need for better data visualization programs. Too much time is spent looking at lines of code, and vendors have offered some visual solutions. “Unfortunately, they’re still circa 1998,” said Creative Solutions in Healthcare Chief Information Officer and Chief Information Security Officer Shawn Wiora. “Security is ... Read More

Daily Dashboard

CISA Concerns Persist

(Apr 21, 2015) The Hill reports on Senate Democrats who “are signaling they will try to amend a major cybersecurity bill when it hits the Senate floor in the coming weeks.” Sens. Martin Heinrich (D-NM) and Mazie Hirono (D-HI) said in a Senate Intelligence Committee report that “they ‘continue to harbor concerns’ about several privacy provisions” in the Cybersecurity Information Sharing Act (CISA), the report states. CISA, which would give companies liability protection when they share cyber-threat information with the government, passed out of committee last month by a vote of 14-1. Meanwhile, Anonymous is also speaking out against cyber-threat sharing legislation. Read More

Daily Dashboard

EEOC Issues Proposed Rule on ADA and Wellness Programs

(Apr 21, 2015) The Equal Employment Opportunity Commission (EEOC) has released a proposed rule on how Title 1 of the Americans with Disabilities Act (ADA) applies to employer wellness programs that are integrated with group healthcare plans. The EEOC worked with the Departments of Labor, Health and Human Services and Treasury in developing the Notice of Proposed Rulemaking (NPRM) “to harmonize the ADA's requirement that medical inquiries and exams that are part of an employee health program must be voluntary” with the Health Insurance Portability and Accountability Act “goal of allowing incentives to encourage participation in wellness programs," said EEOC Chair Jenny Yang. The NPRM will include guidance on providing employees with notice about what data will be collected and how it will be shared, used and protected. Read More

Daily Dashboard

Advocacy Groups Concerned About Data Protection Law

(Apr 21, 2015) V3.co.uk reports on rights groups that have written to the European Commission (EC) with “concerns that new data protection laws currently being worked on will actually erode individuals’ data protection and privacy rights.” Amidst the EC’s efforts “to have a single cross-continent data protection law in place … a coalition of more than 60 rights groups from across the globe have now sent an open letter to EC President Jean-Claude Juncker explaining their concerns that the new laws being mooted ... Read More

Daily Dashboard

CDD: NTIA Should Not Be Part of Drone Privacy Framework

(Apr 21, 2015) The Center for Digital Democracy (CDD) does not believe the National Telecommunications & Information Administration (NTIA) should oversee a voluntary drone privacy framework, Broadcasting & Cable reports. In comments to the NTIA, which was directed to oversee the voluntary drone standards process by President Barack Obama, the CDD said in its mobile app transparency and facial-recognition efforts, the NTIA “failed to accomplish anything significant.” The CDD also contends “the NTIA has a ‘major conflict of interest’ on privacy and can't represent the public's interest because it and parent Commerce Department have the primary function of promoting U.S. business interests,” the report states. The CDD instead suggested the Federal Trade Commission should lead drone privacy efforts. Read More

Daily Dashboard