Privacy Plus+ News
Stay informed with our latest insights on privacy and technology trends, along with key updates from our firm.
Protecting your Digital Privacy
This week, let’s revisit essential privacy and security practices, highlighting WIRED Magazine's comprehensive guide on protecting yourself from government surveillance.
Unprecedented Cyber Espionage and its Effect on Supply Chain Risk
This week, let’s examine recent reports about cyber espionage targeting the United States and other Western nations.
Exploring EPIC’s Report on Outsourced AI Systems
This week, let’s consider government contracts for AI systems and the Electronic Privacy Information Center’s analysis of related issues, like privacy, cybersecurity, accuracy, bias, and more. Tips about procurement and contracting are included.
“Public Insecurity:” The Special Vulnerability of Public Facilities
This week, let’s focus on the ransomware attacks on state and local governments and consider some risk-reducing cybersecurity measures.
Blackbaud's FTC Deal: Delete Data, Amp Up Security
This week, let’s take a look at the Federal Trade Commission’s recent settlement with Blackbaud Inc, a service provider of software and services for more than 45,000 companies, and consider it as guidance on reasonable security measures and data retention practices.
How do you “Own” Data?
This week, let’s consider what “owning data” actually means — hint: It’s not what you may think.
The SEC's Twitter Account Compromise: Lessons and the Threat of SIM Swap Attacks
This week, let’s cover the cybersecurity incident that has shocked the U.S. Securities and Exchange Commission (SEC) and the Bitcoin market, and examine what companies can learn about securing their social media accounts and dealing with the threat of SIM swap attacks.
Streamlining Cybersecurity: DHS's Recommendations for Cyber Incident Reporting
This week, let’s consider a report issued by the Department of Homeland Security (DHS) in September, addressing recommendations aimed at harmonizing cyber incident reporting for critical infrastructure sectors.
Could the SEC's Fraud Charges Against SolarWinds and its CISO Reshape Cybersecurity Oversight?
This week, we're taking a close look at the recent lawsuit filed by the SEC against SolarWinds Corporation and its Chief Information Security Officer, and considering its implications. The suit claims that they committed fraud and neglected to maintain adequate internal controls in their cybersecurity practices.
SEC Seeks Disgorgement from Virtu for Misleading Statements on Customer Data Protection
This week, let’s highlight the SEC’s recent civil action against Virtu Americas and its parent company, Virtu Financial, seeking disgorgement for misleading statements about data protection.
SEC Adopts New Cybersecurity Disclosure Rules for Public Companies
This week, let’s address the SEC’s recently adopted rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies. We’ll look at the mechanics, summarize the changes, highlight effective dates, and offer some thoughts.
Top 5 Questions for Directors Re: Cyber Governance
This week, let’s focus on effective cyber governance by the board of directors, and propose some questions that every director should ask to protect themselves and their organizations from cyber risk and personal liability.
Top 5 Questions Every CISO Should Ask
This week, let’s consider some questions that every Chief Information Security Officer should ask to protect themselves and their organizations from cyber risk and personal liability.
SolarWinds Executives May Face Personal Liability as SEC Issues Wells Notices
This week, executive cyber-liability issues continue to emerge, and here, we’re covering the latest related news in connection with the SolarWinds hack.
FTC Charges Genetic Testing Company 1Health.io with Privacy and Security Failures
This week, let’s consider the case against 1Health.io. It’s the latest FTC privacy enforcement action, and it is the first case focused on the privacy and security of genetic information.
Texas Data Privacy and Security Act
The Texas Data Privacy and Security Act is the latest comprehensive state privacy bill to be signed into law. Here, we’re summarizing it.
US Intelligence Community Is Buying “Commercially Available” Surveillance Data – What are the Implications?
This week, let’s consider a recently declassified report issued by the Office of the Director of National Intelligence on the Intelligence Community’s purchase and use of sensitive “Commercially Available Information.”
Janus - Use of Facial Recognition Expanded by the TSA
This week, let’s consider the Janus-faced tension between privacy and security as the TSA expands its use of facial recognition technologies in airports (while keeping its privacy policy far from a model of completeness).
When Atlas Shrugs – FTC Faults Amazon for Alexa and Ring
This week, let’s highlight the latest privacy enforcement actions by the Federal Trade Commission — two cases against Amazon; and also discuss the developing trend of holding company executives directly responsible for data protection.
Royal Ransomware Strikes Dallas – What Can be Learned?
When a library website goes down, it should not also disable police services. Let’s reflect on what we can learn from the Royal ransomware attack on the City of Dallas.