Encryption

News & Analysis as of

The Heartbleed Lesson for All Companies? Manage the Risk...

Threats to data privacy are not going away, but establishing appropriate security measures up-front, performing regular stress-tests on a security system, putting in place procedures to address a data breach and implementing...more

Agencies Issue Denial of Service Guidance and Guidance on ATMs

On April 3, the members of the Federal Financial Institutions Examination Council (FFIEC), including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union...more

First Glance: Legal Implications of the Heartbleed OpenSSL Bug?

The vulnerability caused by the Heartbleed bug circumvents the purpose of OpenSSL: encryption. Therefore, the conclusion would appear to be that any data breach during the time of OpenSSL vulnerability would be reportable...more

Data-Encryption Is Patent Eligible Despite Not Being Tied to a Particular Machine - TQP Development, LLC v. Intuit Inc.

Addressing an argument that a data-encryption patent was directed to non-eligible subject matter because it covered an abstract idea divorced from a particular machine, Judge William Bryson, sitting by designation in the U.S....more

Do Not Forget to Lock the Backdoor: Adopting a Holistic Approach to Cybersecurity

While cybersecurity has traditionally focused on blocking attacks from the outside through perimeter defenses (e.g., firewalls, intrusion detection, penetration testing), unfolding facts concerning the recent Target data...more

Data Breach Wall of Shame: 2013's Highlights and Lessons

Since 2009, the HHS Office for Civil Rights (“OCR”) has posted all large data breaches – those that involve 500 or more individuals – online on its so-called “Wall of Shame.” In 2013, 160 large data breaches were reported to...more

Covered Entity Fined $150,000 For Stolen Unencrypted Thumb Drive

HHS recently announced that it fined a dermatology practice $150,000 for failing to reasonably safeguard an unencrypted thumb drive and failing to conduct an accurate and thorough risk analysis of electronic PHI....more

Another major medical data breach in California

Or….why are health care institutions still leaving laptops containing PHI unencrypted???? The Los Angeles Times (the “Times”) reported this week the theft of two laptops from an administrative office of hospital group...more

9th Circuit Joffe v. Google "Street View" Decision Raises Questions About Wiretap Act's "Radio Transmissions" Exception

Last week, the Ninth Circuit held that the Wiretap Act prohibits the kind of “interception” and collection of transmissions from unencrypted Wi-Fi networks that Google reportedly followed in compiling Street View data....more

Securing The Package Before It Goes Out: A Guide To Encryption

Preparing a production to opposing counsel is no longer a simple matter of Bates labeling paper documents, making copies of them, and putting the copies in a FedEx box. The advent of electronic discovery has made the...more

Free network feed-in for public channels in Germany

The German district court in Bremen held on the 9th of August 2013 that Kabel Deutschland (plaintiff), the biggest cable network company in Germany, is legally obliged to carry public channels, including that of Radio Bremen,...more

California Attorney General’s Report Reveals Millions Affected By Data Breaches In 2012

A report recently issued by the California Attorney General reveals that millions of Californians were the victims of a data breach in 2012, mostly due to intentional intrusions by outsiders or by unauthorized insiders....more

Recent California Decision Demonstrates Challenges Faced By Plaintiffs In Data Breach Litigation

On July 11, 2013, the U.S. District Court for the Central District of California granted a motion for judgment on the pleadings with respect to the majority of claims brought against Blizzard Entertainment, Inc. (“Blizzard”)...more

Privacy Monday - Breaches, lawsuits and legislation this Monday, July 15

Programming Error Leads to “Low Tech” Data Breach at Indiana Family and Social Services Administration - Although it started with a programming error, the breach itself was paper document. Apparently, a programming...more

A Hurdle To Obtaining Electronic Evidence

While many cases focus on electronic evidence available on employee laptops and behind corporate firewalls, massive volumes of electronic evidence can be found on the servers of companies that provide electronic processing...more

Is Your Cyber-Security Better Than a Fortune 500's?

Half of Fortune 500 companies would face “serious harm” or be “adversely impacted” by a cyber-attack. The greatest perceived harms are loss or theft of confidential information, loss of reputation and direct loss from...more

California AG Releases Data Breach Report, Proposes Data Security Policy Changes

On July 1, California Attorney General Kamala Harris (AG) released a report analyzing data breaches reported to her office in 2012, the first year companies were required to report to the AG any breach involving more than 500...more

Use Caution When Traveling With Encryption Software

"If you bring a laptop or smartphone outside of the United States, you need a basic understanding of how international export control laws may apply to your device’s encryption software."...more

Tips From Security Experts on Choosing and Storing Passwords

One of the most frequently asked questions I hear when I talk about estate planning for digital property is, “How should I choose and store secure passwords for my accounts?” There’s a great July 10, 2013, article by Dan...more

Lessons from the California AG’s Data Breach Report for the Health Care Industry

Our sister blog, Privacy and Security Matters, recently posted a comprehensive analysis of the newly released data breach report from the California Attorney General’s Office (AG Report). The AG Report is the first...more

NIST Issues Guidelines on Mobile Security

The National Institute of Standards and Technology (NIST) has issued guidelines to help federal agencies manage and secure mobile devices used by their employees for government business....more

California Attorney General Issues 2012 Data Breach Report – Announces Investigating Breaches of Unencrypted Personal Information...

In 2012, for the first time, companies and government agencies subject to California’s Breach Notification Law were required to submit copies of their data breach notices to the California Attorney General when the breach...more

Encryption is Key to Limiting Company Exposure for Data Security Breaches

Companies doing business in California may find themselves targeted for investigation if they fail to encrypt personal information, according to a recent report issued by the California Attorney General’s office. ...more

California AG Releases Report on 2012 Data Breaches

If You Care About the Security of Your Online Data or Just Love Charts, This Report is For You - Californians are a diverse bunch (as you’ve probably gathered from those commercials with Arnold Schwarzenegger), but...more

HHS OCR Director Leon Rodriguez's Dialogue on HIPAA/HITECH Compliance

“HIPAA is a valve, not a blockage,” stated HHS OCR Director Leon Rodriguez, at the OCR/NIST 6th Annual Conference on Safeguarding Health Information: Building Assurance through HIPAA Security....more

37 Results
|
View per page
Page: of 2