Cybersecurity

SEC and Cybersecurity—What Publicly-Traded Companies Need to Know

Note from the Editor:

Mary Ellen Callahan, CIPP/US, and Elaine Wolff, both of Jenner & Block, will be part of the breakout session "The SEC and Cybersecurity: What Every Publicly Traded Company Must Know" at the IAPP Global Privacy Summit in Washington, DC, on March 7 at 8:30 am. They will be joined by Nicole Maddrey, Vice President, Deputy General Counsel & Assistant Secretary, at Graham Holdings and Tangela Richter, Functional General Counsel—Direct Bank and Brokerage, Capital One.

With the news that Target intends to wait until it files its annual report with the Securities and Exchange Commission (SEC) in March to report on the investment consequences of its massive cybersecurity intrusion from 2013, the SEC and cybersecurity once again gain attention.

From the Wire

Tuning the Privacy/Customer Service Dial

By Jedidiah Bracy, CIPP/US, CIPP/E

Twitter handles can be valuable commodities, and no story better demonstrates that than one described by web developer Naoki Hiroshima. Originally published on his personal blog and then republished with permission by TheNextWeb, “How I lost my $50,000 Twitter username” describes the ordeal he went through when a hacker decided he wanted Hiroshima’s Twitter handle @N—registered to Hiroshima since 2007.

In a nutshell, a hacker decided he wanted @N and was going to do just about anything to get it—without paying any money, of course. To do so, according to the hacker himself (someone call “Ripley’s Believe It or Not”), he socially engineered his way into Hiroshima’s GoDaddy account, which controlled several of his website domains, in order to wrest control of @N from Hiroshima. Give up the Twitter handle and the hacker would take his hands off the throat of Hiroshima’s websites.

Extortion at its finest.


From the Regulator

Living in Interesting Times—A View from the New Zealand Privacy Office

One of the dubious delights of being a privacy regulator is the unexpected things that crop up during every working week. It doesn’t matter how I plan and prioritise work—some headline-grabbing issue or urgent demand for time and attention will come across the desk and force a rethink. It can be a challenge, but it certainly keeps the job interesting.

More from Katrine Evans

Practical Privacy

How to Lose Your Data In 10 Days

By Heather Federman, CIPP/US

It’s no longer a question of “if” you’ll be the target of a data breach; it’s just a matter of “when.” Data loss incidents are becoming an unfortunate rite of passage. More and more businesses have found themselves exposed and ill-prepared to manage the fallout. While the average cost of a breach equals $5.5 million, the public reaction carries graver implications. The resulting “business shock” not only paralyzes operations, but it also damages relationships with regulators, partners and consumers.

How can you best prepare and defend your organization? How can we all make 2014 the year of “data stewardship”?


Privacy Profession

Engineers and Lawyers in Privacy Protection: Can We All Just Get Along?

By Peter Swire, CIPP/US

In March 2013 we participated in a panel titled “Re-Engineering Privacy Law” at the IAPP Privacy Summit. The topic of the panel closely matches the topic of this book: how to bring together and leverage the skill sets of engineers, lawyers, and others to create effective privacy policy with correspondingly compliant implementations. As a software engineering professor (Antón) and a law professor (Swire), we consider four points: (1) how lawyers make simple things complicated; (2) how engineers make simple things complicated; (3) why it may be reasonable to use the term “reasonable” in privacy rules but not in software specifications; and (4) how to achieve consensus when both lawyers and engineers are in the room.
