Monthly Archives: November 2015

Cybersecurity Developments at the SEC

In September 2015, the Securities and Exchange Commission took two separate but significant actions related to cybersecurity in the securities industry. Because they occurred so close together, the actions had some people wondering whether they were linked, suggesting an imminent increase in enforcement actions by the agency. Both actions are important, not only to securities firms in particular, but to anyone interested in understanding the agency’s viewpoint when it comes to cybersecurity. But, when viewed in context, the SEC’s recent actions do not appear to signal any meaningful shift in agency behavior. Notwithstanding, they should serve as a reminder to …


When it Comes to Privacy Laws, California Leads the Way

California is, by far, the king of states when it comes to privacy laws. California’s constitution is one of only 10 state constitutions that contain an explicit “right to privacy,” recognizing each citizen’s “inalienable right” to privacy. Its state laws in many areas have often been precursors to federal legislation or national legislative movements, and that’s certainly true in privacy law as well. For example, California had health privacy laws before HIPAA even existed, and it had the nation’s first data breach notification law, which spawned copycat legislation in almost every state. Last month, California passed a few more laws …


Recognizing the Role and Importance of the CISO

In July of this year, we reported on the Cybersecurity Assessment Tool published by the Federal Financial Institutions Examination Council.  The FFIEC is an interagency organization that establishes the examination standards for financial institutions, including banks, federal savings associations, state savings associations, state member banks, state nonmember banks and credit unions. As you may recall, the Cybersecurity Assessment Tool is a voluntary tool designed to assist all financial institutions in conducting a self-assessment of cyber risks and to inform their risk management strategies. This month, the FFIEC published an updated “Management” booklet to its Information Technology Examination Handbook (“IT Handbook”). …


How Does Your Terms of Service Agreement Rate?

Online terms of service agreements are the rarely-read but often-mocked daily annoyance of Internet users worldwide.  A large (literally) barrier to the immediate gratification of access to online content, most of us are guilty of blindly clicking “I accept” when prompted.  We do this, often with a very limited understanding that in exchange for “businesses giv[ing us] these fantastic services, Google Search, Facebook and many other things, for free[,]” we give those businesses information they then commercialize by, for example, selling to advertisers.  Often unknown to us is exactly what information we are giving, who is seeing it, or how …


HIPAA and Text Messaging

Text messaging is pervasive.  Doctors and other health care providers, covered entities, and business associates currently use (and embrace) the technology.  Texting is easy, fast and efficient.  It doesn’t require a laptop and can operate even where wireless signals are low.  It doesn’t require you to scroll through your email inbox or retrieve your voicemail. All of this convenience is coupled with compromise, leading to security risks that can be difficult to manage. There is the obvious risk of unauthorized access to protected health information.  For example, unless preventive measures are employed: anyone with access to the mobile device will …
