In this eDiscovery Day educational panel with eDiscovery experts including Jennifer Hamilton (John Deere) and Scott Thayer (Dawn Food Products), presenters will discuss how to create a holistic framework for effectively managing data in the midst of new privacy and eDiscovery requirements.
In this recently published information note (October 2019), the Data Protection Commission (DPC) Ireland shares country-specific statistics and trends related to data breach notifications during the first year of GDPR.
Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is frequently carried out when a subject compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds. Between June 2016, and July 2019, more than $26B in exposed dollar losses due to BEC/EAC were reported to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3).
Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.
The recently published research paper “Estimating the Success of Re-identifications in Incomplete Datasets Using Generative Models” shows how the likelihood of a specific individual to have been correctly re-identified can be estimated with high accuracy even when an anonymized dataset is heavily incomplete. The presented results reject the claims that, first, re-identification is not a practical risk and, second, sampling or releasing partial datasets provide plausible deniability. Moving forward, the results also question whether current de-identification practices satisfy the anonymization standards of modern data protection laws such as GDPR and CCPA and emphasize the need to move, from a legal and regulatory perspective, beyond the de-identification release-and-forget model.
“As technology seeps into practically every aspect of our daily lives, it is increasingly critical that we do everything we can to ensure the information that companies are trusted with is secure,” Governor Cuomo said. “The stark reality is security breaches are becoming more frequent and with this legislation New York is taking steps to increase protections for consumers and holding these companies accountable when they mishandle sensitive data.”
The work that Thomas Peyrin and his colleague, Gaetan Leurent, have done goes far beyond just proving SHA-1 chosen-prefix collision attacks are theoretically possible. They show that such attacks are now cheap and in the budget of cybercrime and nation-state attackers.
Utah Gov. Herbert signed off this week on a bill that positions Utah as the state with the strongest data privacy laws in the country when it comes to law enforcement accessing electronic information. The bill, HB57, establishes that a warrant must be secured before law enforcement may access electronic data held by a third party, thus protecting information passed to a third party such as Dropbox or Google Drive.
The United Kingdom (UK) has notified the European Union (EU) of its intention to withdraw from the European Union on March 29, 2019. In order to receive personal data from the UK in reliance on the EU-U.S. Privacy Shield Framework (“Privacy Shield” or “the Framework”), Privacy Shield participants must update their Privacy Shield commitments by the Applicable Date.
The Cloud Security Alliance (CSA) today announced the release of the CSA IoT Controls Framework, its first such framework for IoT which introduces the base-level security controls required to mitigate many of the risks associated with an IoT system operating in a range of threat environments.