Target and Neiman Marcus: We Did All We Could

February 5, 2014

A Record Night of Privacy After Hours Gatherings

January 31, 2014
Privacy pros know that when they gather on IAPP Privacy After Hours nights they are part of something big. This Tuesday night, however, was bigger than ever. More than 500 people who work with data—from all levels of experience, every sector and industry—gathered around the world in more than 30 locations.

What Will the New CPO at NSA Do, Anyway?

January 30, 2014
How will NSA Civil Liberties and Privacy Officer Rebecca Richards, CIPP/US, CIPP/G, do things? While she asked for some time to get up to speed before speaking with The Privacy Advisor, it’s possible to get some indications of the shape of the job, and what Richards will do with it, by looking at how the position has been framed and how Richards has served in the privacy office at DHS.

What’s Bruce Schneier Doing at Co3?

January 28, 2014
Why would an internationally known thinker on security issues leave a gig as chief security technology officer at a large telecom to serve as CTO of a much smaller software company? That was a question some observers might have been pondering when incident response software maker Co3 announced earlier this month that Bruce Schneier was joining the company. In this feature, Schneier answers that question and shares his thoughts on how Co3 can help the security and privacy communities.

The Big News from IAPP Data Protection Congress

January 28, 2014
The IAPP’s recent Data Protection Congress in Brussels proved to be full of robust discussions and even disagreements on the future of everything from Safe Harbor to notice-and-consent to NSA spying. In this roundup, we summarize the most stimulating conversations and presentations, including a showdown between former U.S. National Security Agency (NSA) General Counsel Stewart Baker, anonymous Internet platform Tor’s Jacob Appelbaum, Vodafone CPO Stephen Deadman and Ralf Bendrath, policy advisor to German MEP and Data Protection Regulation Rapporteur Jan Philip Albrecht.

State Attorneys General as U.S. Privacy Regulators—Q & A with Maryland AG Doug Gansler

January 28, 2014
In this Q&A, Divonne Smoyer, CIPP/US, shares insights from Maryland AG Doug Gansler, who has been at the forefront of privacy protection efforts by state attorneys general. In 2013, as president of the National Association of Attorneys General, Gansler’s focus was “Privacy in the Digital Age.” He tells Smoyer, “State attorneys general have long been champions of consumers’ privacy in the physical marketplace, where breaches of privacy are more easily contained,” explaining, “if a company improperly disposes of a file with sensitive personal information a consumer shared, it may only be seen by a few people. In the Digital Age, however, the risks of sharing sensitive personal information are far greater.”

How Baidu Wraps Privacy Into New Products

January 28, 2014
The world’s second-largest search engine, China-based Baidu, is continuing to look at expansion into emerging markets. Whenever it approaches a new market, Global Marketing Director Richard Lee explains, dedication to privacy is part of the company’s communications. He tells Publications Director Sam Pfeifle, “China is actually doing a great deal to keep in line with modern times. … I agree that maybe we at Baidu need to do more to prove that we respect privacy than some Western companies, but we don’t lack those kinds of concepts here in China. We want to keep in line with international standards.”

Data-Centric Security: Reducing Risk at the Endpoints of the Organization

January 28, 2014
In this time of increased attacks on IT networks, the king’s men are in overdrive attempting to stay ahead of these threats targeted at stealing our information. CIOs and CISOs are in a constant state of evaluating, implementing and reevaluating processes and solutions that secure the perimeter and safeguard the networks and the devices within the organization. Jim Wyne, CIPP/US, looks at data-centric security to mitigate risk and “ensure the most important asset of the business, the data, is protected.”

Plaintiffs Alleging Only “Future Harm” Following a Data Breach Continue to Face a High Bar

January 28, 2014
While courts have mostly found that an increased risk of harm such as potential identity theft is insufficient to confer standing or establish damages, the law in this area remains unsettled. The Supreme Court’s ruling in Clapper may make it more difficult for such cases to proceed. Until this issue is settled, there will likely be forum shopping and forum selection clauses in contracts to help potential litigants prosecute or defend such cases. Dana Post of Freshfields Bruckhaus Deringer takes a closer look.

New Law Could Require ‘Incident’ Reporting, Whether Data Is Compromised or Not

January 28, 2014
In February last year, the European Commission put forward its cybersecurity strategy, the main cornerstone of which is a Network and Information Security (NIS) Directive. The proposed Data Protection Regulation, currently being examined by the European Parliament, only covers security incidents where personal data is compromised. Therefore cyber attacks that do not target data would not need to be reported. The NIS Directive would change that.

How To Change Employees’ Poor Password Habits

January 28, 2014
Password reuse across multiple websites and company logins is a major weak link in a company’s security system. In a survey CSID conducted in 2012 on password habits, it was found that 61 percent of the respondents reused the same password for multiple sites, and 44 percent of respondents reported they change their passwords once a year or less. Employee password reuse creates a new layer of risk for businesses, especially when major enterprises are hacked. A breach today can affect more than just the initial company—it can affect your business and many others.

2014 Best Predictions for Privacy—and Security

January 28, 2014
Each year about this time, Brian Dean, CIPP/US, pulls out his “foggy crystal ball” to predict the future of privacy and security in the year ahead. “For data privacy and security professionals,” he predicts, 2014 offers reasons for “optimism, but with looming midterm elections and recent significant data breaches, only subtle privacy improvements are likely.”

Justice Dept. To Allow Some Transparency; More Surveillance Programs Revealed

January 28, 2014

Book Review: The Future of Privacy

January 28, 2014
Being a strong believer in taking a pragmatic approach to compliance, K Royal was pleased to read The Future of Privacy by Eduardo Ustaran, CIPP/E, published by DataGuidance. In general, she finds the book, available through the IAPP, to be thorough, on point and useful to privacy professionals. “This book went the further step and was actually fun to read and useful to those of the general public who have an interest in privacy,” she writes.

Ten Steps to a Quality Privacy Program, Part Six: Test Your Incident Response Program

January 28, 2014
In part six of the series "Ten Steps to a Quality Privacy Program," Deidre Rodriguez, CIPP/US, looks at testing incident response programs. This should involve key stakeholders from various departments. The process should happen twice a year and should involve a number of action items. “You do not want to find yourself in the middle of an incident and realize that you do not have what is needed to respond efficiently and effectively,” Rodriguez writes.
