Skip to main content

Privacy News

$475,000 HIPAA Penalty for Tardy Breach Notification - Incident Involved Relatively Small Breach of Paper RecordsJan 13, 2017

The Federal Government continues to show business owners that they take data breach notifications very seriously.  Federal regulators issued a $475,000 fine to Presence Health for not sending breach notifications in a timely manner when the PHI of 836 individuals was compromised. 
This should be a wake-up call for all businesses, but small to medium size businesses in particular should address the gaps in their organization’s information security programs to better prepare for a breach.  The CSR Readiness® Pro Edition comprises both the proactive program of Readiness, which assesses their privacy procedures and gives remediation tasks to improve, but also includes the reactive component of the Breach Reporting Service which provides breach notifications on time to all required agencies.  It is a true 360° privacy solution for the small to medium size business.    

Verizon Puts Yahoo on Notice After Data BreachOct 14, 2016

The $4.8 billion negotiations between Verizon and Yahoo has suffered a major setback after the recent disclosure of a data breach affecting more than 500 million Yahoo accounts.  The merger agreement contains language that gives Verizon leverage to renegotiate or even walk away if the value of a transaction has been hurt by a significant development, which is exactly what Larry Ponemon, chairman of Ponemon Institute, thinks has happened.  “What this does is it basically puts the value of that asset as a lot less”, said Ponemon, signaling that the value of a company can and will be adversely effected by a data breach and the lack of appropriate preparedness. 

There has never been a more critical time to protect your company’s value and reputation.  CSR can help by providing both a PROACTIVE and REACTIVE solution.  Don’t let a cyber-attack rob you of everything you’ve worked so hard to build.  Let us show you how we Make Privacy Simple.  

Yahoo hack spurs push for legislationOct 03, 2016

Yahoo recently made headline news after disclosing that hackers stole data from at least 500 million accounts in 2014.  While a breach of this size is catastrophic on its own, it is further complicated by the revelation that Yahoo may have been aware of the hack for months.  This discovery has sparked lawmakers to take another look at setting a national standard for data breach notification.  According to Sen. Richard Blumenthal of Connecticut, “This breach demonstrates the urgent need for Congress to enact data breach and security legislation — only stiffer enforcement and stringent penalties will make sure companies are properly and promptly notifying consumers when their data has been compromised.”
Your business should start preparing for this new legislation now.  Let CSR show you how our 360 solution to data privacy can help protect your business from a breach, as well as fulfill all mandatory breach reporting requirements.   

The ‘Brave New World’ Of CybersecuritySep 17, 2016

Dr. Ross Federgreen, CEO of CSR Professional Services, weighs in on the challenges faced by security integrators today.  In this must-read article about the new world of cybersecurity, experts from around the country offer a revealing look at the threat business owners face and suggest steps for building a cyber plan.  

Bitcoin Plunges After hacking of Exchange in Hong KongAug 05, 2016

Bitcoin has long been associated with the payment of ransomware in the US.  In an ironic twist, they were recently breached and hackers stole over $60 million from the Hong Kong based exchange, Bitfinex.  Bitcoin halted trading, deposits and withdrawals while it investigates.  The company reports that no US currency was involved in the breach. 

Microsoft wins landmark appeal over seizure of foreign emailsJul 14, 2016

The 2nd U.S. Circuit Court of Appeals ruled in a 3-0 decision that the U.S. government cannot access overseas data with a warrant.  This decision reversed a 2014 ruling requiring Microsoft to turn over emails pertaining to a narcotics case.  The government wanted access to a user’s email data that is located in Dublin, Ireland.  The panel based its judgment on the 30-year-old U.S. Stored Communications Act. Circuit Court Judge Sarah Carney stated that the act, “does not authorize courts to issue and enforce against U.S.‐based service providers warrants for the seizure of customer e‐mail content that is stored exclusively on foreign servers.”

Pokemon Go: the more EULA knowJul 14, 2016

Update Your Pokémon Go App Now to Fix That Privacy Mess

If you downloaded the original app, the EULA “demanded full access to all of your Google account information.”  Short of changing your password, it can see everything.  If you download their first update, it reduces access to your Google User ID and email address.

How human error can thwart enterprise security protectionsJun 30, 2016

As privacy professionals continually look for ways to protect organizations from data breaches, what is becoming more and more evident is that human error is to blame for a significant amount of company breaches.  “We can plug any port in the firewall. We can implement any device to capture the information. The weak point within any organization is the people,” said Avi Berliner, manager at PwC. “It’s not that we don’t trust these people. It’s just that people are human.” 
It is crucial for every company to have a strong data protection plan in place.  CSR Readiness Pro Edition delivers a PROACTIVE solution, enabling small to medium size businesses (SMB) to assess their privacy procedures, and in the event of a breach, the patented Breach Reporting Service is the REACTIVE solution that provides breach reporting for the SMB.

For privacy pros, Brexit nothing to panic aboutJun 24, 2016

CSR agrees with the sentiments of Mark Keddie, CPO at BT, London-based owner of British Telecom when he says “As a global facing business, events like this demonstrate the need to have robust assurance frameworks that can absorb external environmental factors without having a detrimental impact on the privacy of customers or the effectiveness of the business.”  Earning CSR’s Readiness’ Certificate of Completion will show your customers, vendors and employees that you are privacy-ready.

IBM & Ponemon Institute Study: Data Breach Costs Rising, Now $4 million per IncidentJun 15, 2016

According to a study from the International Business Machines Corp. and the Ponemon Institute, the average cost of a data breach for companies surveyed has grown to $4 million, representing a 29% increase since 2013.  The report shows that leveraging an incident response team was the biggest factor associated with reducing the cost of a data breach.  Disclosing the breach to appropriate government/regulatory officials and consumer notification is extremely complex and time consuming.   With the CSR Breach Reporting Service, privacy experts can provide breach reporting and assist our customers with consumer notification as well, eliminating some of the stress caused by a breach.

German privacy regulator fines Adobe, others over defunct data transfer pactJun 07, 2016

With Safe Harbor gone, and the future of the EU-US Privacy Shield in doubt, companies are finding it difficult to transfer personal data out of the EU without risk of a privacy enforcement action.  A German privacy regulator has proven that there is indeed a cause for concern, fining three international companies thousands of euros for unlawfully transferring data to the U.S.  With no concrete deal in place, “The uncertainty has left many firms in a legal limbo. Supporters warn that absent a new deal, the future of the behemoth bilateral trade relationship between the U.S. and the EU — valued at $1 trillion in 2014 — will be endangered”.  CSR continues to monitor the developments, ensuring our clients have the most up-to-date information as possible.  

Are You Prepared For Your Vendor's Data Breach?May 23, 2016

If you use a vendor in any capacity that allows them to receive, view, or transmit any of the personal data your business controls, your business must maintain active oversight of the vendor.  It is important to remember that when a vendor performs a service or function, your business bears ultimate responsibility for compliance.  With good vendor management, you can minimize the risk of less direct oversight or control and maximize the benefits gained through a well-managed vendor relationship.
CSR is committed to helping small  and medium size businesses learn how to protect themselves from a data breach, including breaches caused by vendors.  

117 million LinkedIn emails and passwords from a 2012 hack just got posted onlineMay 18, 2016

A hacker known as “Peace” is selling account information from millions of LinkedIn users.  The stolen data includes email addresses and passwords that were encrypted with “no salt”, meaning they are more easily cracked.  In fact, a report by Motherboard states that 90% of the passwords were cracked within 72 hours, and several of the victims were still using their same password from 2012.  A strong password is your first line of defense against intruders and there are several steps you can take to lower the risk of being hacked.  Among other things, a password should be at least eight characters of lowercase and uppercase letters, numbers, and symbols.  It should also be changed periodically and should not be reused for at least a year.  By creating strong passwords, you can greatly reduce the chance that your personal or financial information will be stolen.  

Congress warned about cybersecurity after attempted ransomware attack on HouseMay 12, 2016

Every day, businesses, consumers, government and other organizations are finding that their system has been breached and their data is being held hostage.  No organization is safe, as the House of Representatives recently found out. 
The House technology service desk had previously warned of increased ransomware attacks on the House network, and in late April one of the representatives or their staff members fell victim to an attack. 
It is crucial that you educate yourself and your employees on this real and present danger to your business.  Learn how hackers infiltrate your system and ways to protect your business against an attack.  CSR’s Readiness Suite will help you identify and remediate areas of weakness and the Breach Reporting Service™ will fulfill all necessary reporting and consumer notification requirements.  Make Privacy Simple.

3 things to do when looking for Cyber insuranceApr 26, 2016

Experiencing a cyber-attack should be considered a high probability event, and mitigating this risk is vitally important for a company to survive.  Cybersecurity insurance can be a valuable tool for relieving the financial burden of an incident, but choosing the right one can be a difficult task.  Reducing your risk is an important step when shopping for a cyber liability policy.  Evaluating weaknesses to your organization, having a well-documented incident response plan, and implementing annual cybersecurity risk assessments can save you a lot of money when negotiating the terms and rates of a policy.