The Ponemon Institute’s 2016 [Data Protection Benchmark] study pegs the average cost of a data breach at $4 million, with per-record costs rising slightly to $158 each.
Following a report by The Wall Street Journal that the security vendor Tanium used a hospital’s live network as a demonstration platform on sales calls and even revealed private hospital data in a publicly posted demonstration video, Tanium CEO Orion Hindawi has admitted that mistakes were made in handling data from El Camino Hospital’s network.
Today, if you fail to advise clients to preserve relevant and unique mobile data when under a preservation duty, you’re committing malpractice.
Proposed Chinese regulations (open in Google Chrome for English translation) could substantially limit the ability of companies in China to send data outside of that country. If implemented, the regulations would potentially affect almost any type of business or data flow.
Employees using private VPNs and Tor on an enterprise network are typically trying to hide their actions and do something that will not be detected by the organization’s security controls, he says. “Security bypass is the first step towards data theft or other destructive behavior,” Koo says.
When can an organization self-certify to the Swiss-U.S. Privacy Shield? Starting April 12, 2017, organizations can self-certify to the Swiss-U.S. Privacy Shield Framework.
Phishing can unlock a considerable amount of resources for a hacker. Businesses must have a complete and automated view of everything in their system, or they could be gutted before they’ve had time to think.
The inaugural annual review into the operation of the EU-US Privacy Shield is to take place in September this year. EU justice commissioner Věra Jourová confirmed the timing of the review in a speech in Washington late last week.
Congress decided that your ISP should be allowed to sell off your private browsing data, but the solutions to get around this are a bit complicated, costly, or just a pain.
The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode.
AI is also beginning to help managers peer into personal aspects of job performance that used to be left up to managers’ instincts and observations.
The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.
Document review was just the beginning. In the past few years, corporate clients have shot dead another law-firm cash cow: the due diligence phase of a merger or acquisition.
The Security Audit Questionnaire from the EDRM was designed primarily to help evaluate the security capabilities of cloud providers and third parties offering electronic discovery or managed services.
When choosing a cloud service provider, it’s vital that the datacenter physically reside in a region or country in which data handling and storing legislation is favorable to your company’s business interests.
At JPMorgan Chase & Co., a learning machine is parsing financial deals that once kept legal teams busy for thousands of hours.
Kornbacher thinks privacy lawyers are poised to take on a bigger role in M&A deals, particularly during the due diligence phase.
Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm’s use for security-sensitive functions should be discontinued as soon as possible.
Many US companies may not realize that they might also have to comply with this new EU data security regulation. That’s because the GDPR applies to any business that holds data about, or markets to, individuals within the EU.
The Electronic Communications Privacy Act of 1986, a law passed before the widespread use of e-mail, instant messages and Internet-based social networks, doesn’t permit courts to require U.S.-based Internet service providers to turn over customer e-mails stored on servers outside the country.
Does the inevitable triumph of AI robots over human reason and logic mean that the legal profession is doomed? Will Watson be the next generation’s lawyer of choice? Ralph Losey does not think so and shares his thoughts on this important topic.
On January 11, U.S. and Swiss authorities announced final agreement on the Swiss-U.S. Privacy Shield Framework. The Framework defines standards for handling personal data exported from Switzerland to the U.S. and enables U.S. companies to meet Swiss legal requirements to protect personal data transferred from Switzerland.
On the e-discovery vendor front, the pace of consolidation of large service providers in 2016 was unprecedented compared to prior years.
A new survey reveals that 65 percent of senior IT and security executives think that the biggest security risks for business come from public clouds.