FCC’s Privacy Protections for Telecommunications Carriers

A Q&A with Sara Hutchins Jodka of McDonald Hopkins

The Federal Communications Commission alerted telecommunications and interconnected VoIP service providers that the annual privacy certification for Customer Proprietary Network Information (CPNI) was due on March 1, 2016, and also warned that similar obligations would soon be required of broadband providers. I spoke with Sara Hutchins Jodka, senior counsel at McDonald Hopkins, about the implications for the telecommunications industry, and what companies can do to shore up their privacy protections.

Delving Into California’s Data Security Report

A Q&A with Tanya Forsheit of BakerHostetler

In February California Attorney General Kamala Harris released her state’s data breach report and outlined “reasonable” security measures that companies should employ to avoid enforcement actions. I talked to litigator Tanya Forsheit about the AG’s recommendations and how companies should address them.

Parsing the EU’s Cybersecurity Rules

A Q&A with Alan Meneghetti of Locke Lord LLP

Last December, the European Commission, the European Parliament and the Council announced that they had reached an agreement on an EU-wide cybersecurity directive that should go into effect within the next few years. I asked UK-based lawyer Alan Meneghetti about what the new rules mean and what they cover.

Data Governance: Managing and Safeguarding Important Information Assets

A Q&A with Tom Preece of Rational Enterprise

Many data breach events are at least partly the result of poor data governance: organizations that don’t maintain a data inventory or map. Without such oversight, the inevitable breach event can become all the more devastating. I spoke with Tom Preece of Rational Enterprise about what organizations can do to gain control over their data.

Don’t Ring the (False) Alarm: When a Data Loss Event Isn’t a Breach

A Q&A with Darin Bielby and Jeremy Batterman of Navigant Consulting’s Information Security & Investigations Practice

During a recent Risk and Insurance Management Society (RIMS) panel discussion, Navigant Managing Director Darin Bielby asserted that 50 percent of the organization’s information security forensic investigations yield evidence that enables legal counsel to counsel companies that a data breach did not occur. These findings typically demand no further action or notification about the event, though some organizations proceed with additional precautionary measures. I talked with Bielby and his colleague Jeremy Batterman about the reality of data privacy events and what forensic investigators are seeing.

Australian Cyber Security: A Primer

A Q&A with Leah Mooney of MinterEllison

The cyber security field is rapidly evolving in Australia where new legislation, growing costs and an increased awareness of threats and liability have spurred discussion and concern. I spoke with Attorney Leah Mooney, special counsel in the Insurance and Corporate Risk Group of MinterEllison, about the state of affairs in Australia and what businesses operating there might need to know about looming risks and how to mitigate them.

Third-Party Vendor Risk in Healthcare

A Q&A with Ozzie Fonseca of Experian

Last year’s data breach at Medical Management, LLC highlights the importance of third-party vendor oversight in the healthcare space. In this specific case, a call center agent at a billing company was copying information and sharing it with an unauthorized third party, leading to the exposure of thousands of patients’ records from 40 providers. We spoke to Ozzie Fonseca of Experian Data Breach Resolution about its implications for healthcare organizations.

Bad Connections: Hidden Risks in the Internet of Things

A Q&A with Larry Pesce of InGuardians

While the Internet of Things is making life more convenient, it’s also posing numerous security risks for both individuals and organizations. To find out more about why companies should keep an eye on these devices and how they can better mitigate risk, I spoke with Larry Pesce of InGuardians.

EMV and Payment Security: What’s Next

A Q&A with Dan Fritsche of Coalfire

The introduction of EMV chip cards and newer PCI Security standards go a long way toward reducing data breach incidents and payment card-related fraud. Yet many retailers still have not adopted the technology and EMV in and of itself is not a wholesale solution for data loss. I spoke with Dan Fritsche, Vice President of Solution Architecture at Coalfire, about ongoing payment card concerns for retailers and what they can do to make their systems more secure.

Using Big Data to Protect Against Cyber Risk

A Q&A with Lance Forbes of LemonFish Technologies

Of all Big Data’s capabilities, the means to proactively detect cyber breach events is especially intriguing. I spoke with Lance Forbes, chief scientist of LemonFish Technologies, to find out more about how analytics can be used to find lost data across the internet.
