Privacy News

Europe Tried to Rein In Google. It Backfired.
Apr 20, 2016

Two years ago, Europeans gained the “right to be forgotten” on the internet, but a court ruling has given the tech giant Google the authority to weigh an individual’s privacy against the public’s right to information.

GDPR Likely to be Adopted by the EU Parliament on 14 April 2016
Apr 12, 2016

The General Data Protection Regulation (GDPR) passed a critical vote today when the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) approved it by a 54-3 vote. The GDPR now only needs to survive a plenary vote, which is scheduled to take place this Thursday, April 14th. The new Regulation will go into effect at the end of a two-year transition period, so now is the time to get prepared. CSR offers our clients a GDPR version of Readiness so they will be READY for the GDPR once it becomes law.

Settlement in Sony Pictures hacking case gets judge's OK
Apr 07, 2016

Sony Pictures has agreed to pay up to $8 million to resolve a class action lawsuit that resulted from a major cyber-attack. Employees claimed that the company failed to protect their personal information, putting them at risk for identity theft. While Sony does not admit any liability regarding the claims, it has agreed to pay up to $10,000 per individual and provide identity protection for two years. Large companies like Sony Pictures, Target, eBay, and Home Depot have all suffered major breaches recently, proving that no organization is completely safe, even with complex IT security systems in place. Small to medium-sized businesses need CSR’s Readiness Suite to evaluate where data security weaknesses occur and have a plan in place if their system is compromised.

BakerHostetler Data Security Incident Response Report Reveals Being "Compromise Ready" Better Positions Companies to Respond to Incidents
Mar 30, 2016

The release of the second annual BakerHostetler Report reveals some interesting facts. Phishing/hacking/malware has moved to the top spot among the reasons data breaches occur. This is a shift from the previous year, in which human error was identified as the leading cause. The report also states that a company that is “compromise ready” will be in a better position to respond to breaches faster, contain the threat quicker, and potentially lessen the severity of these events. CSR’s Readiness Suite offers solutions for your business by evaluating and helping to remediate your risks for a breach, and having a plan in place if a breach does occur.

Verizon Confirms Breach Affecting Business Customers
Mar 29, 2016

Verizon confirms a breach, proving that no matter how good your security program is, no business is ever 100% safe. Verizon assists clients in responding to data breaches and annually compiles and releases a report analyzing breaches across many industries, making the company a huge prize for hackers. These hackers infiltrated its system and advertised the sale of a database containing the contact information of Verizon customers, along with the option to purchase information about security vulnerabilities in Verizon’s Web site. CSR’s Readiness program will help your business identify weaknesses in your data privacy protection and will help remediate these vulnerabilities. Companies need to be proactively protecting themselves against a breach at all times. Get READY!

My company has had a breach: Whom do I have to notify?
Mar 29, 2016

Experiencing a data breach is stressful. Your first priority will be to stop the breach and prevent further intrusions to your system, but what you may not realize is that you must immediately begin assessing your obligations to notify consumers, regulators, and other agencies. This will be no easy task, especially considering the vast number of laws that apply, not only in your state, but in the states of every single one of your customers. The last thing you want is to be hit with large fines and penalties for violating privacy, breach, and consumer notification laws. What is a business owner expected to do under those circumstances? Relax! Let CSR handle all the breach reporting for you. We deliver the right information at the right time to the right regulating bodies, and you can focus on the investigation of the breach itself and running your business.

The Typo That Can Get You Hacked
Mar 28, 2016

Ever make a mistake when you are typing in the name of a website in your browser? Some hackers are counting on that. They have bought websites with misspellings of common names, such as netflix.om instead of netflix.com. The bad name leads you to a site that indicates your Flash player is old, etc., and when you update, the hacker uploads malware to your computer!
Be careful out there!

$1.55 million settlement underscores the importance of executing HIPAA business associate agreements
Mar 21, 2016

The U.S. government is cracking down on businesses that fail to keep their clients’ personally identifiable information (PII) safe. All companies have an obligation to protect their customer and employee PII, which includes the information that is passed to vendors and contractors. CSR’s Readiness Suite identifies the risk of PII loss in your business and will help you comply with legal requirements to safeguard the PII you capture, manage, store and destroy. In the event a breach does occur, CSR takes on the burden of reporting that breach to the correct authorities under the respective time constraints. The government is no longer accepting excuses from businesses that they were unaware of the requirements. How much would a breach cost you? Make Privacy Simple℠

Happy Ending in Laptop Breach Case
Mar 16, 2016

The returned laptop was password protected, but the information was not encrypted.  Per HHS OCR, that is not good enough.  Under the HIPAA security rule, organizations need to encrypt laptops and other computing and storage devices that are prone to theft or loss, unless they document why an alternative security measure is reasonable and appropriate.

First data security enforcement fine levied by CFPB against Dwolla Inc. for $100,000
Mar 04, 2016

In a move that is most certainly a sign of things to come, the Consumer Finance Protection Bureau fined Dwolla Inc., an Iowa-based online payment system company, $100,000 for making false representations about the company’s data security practices in violation of the Consumer Finance Protection Act. CSR’s Readiness program provides companies with the tools to determine the current state of their data privacy protection and helps them cure any identified deficiencies. Businesses should get prepared now with Readiness before the CFPB comes knocking.

Obama signs bill extending privacy protections to allies
Feb 26, 2016

Since the collapse of the Safe Harbor agreement, American companies have struggled to find a way to transfer the data they need from the EU.  President Obama has signed legislation that will bring the US one step closer to making that happen.  CSR continues to monitor the situation closely, ensuring our clients have the most up-to-date information possible.  

France to adopt GDPR provisions before it comes into force in 2018
Feb 23, 2016

France has taken a proactive approach in protecting personal data.  A new Bill has passed that adopts several provisions of the GDPR, which does not go into effect until 2018.  The new Bill, however, will go into effect later this year and amends several key provisions of the French Data Protection Act.  The most significant proposal under the new Bill is the sanction powers of the CNIL, which would be authorized to fine up to €20,000,000 or 4% of a company’s global turnover, whichever is higher, if the company does not comply with the Data Protection Act.  This action by France illustrates why CSR has been encouraging all of its clients to get prepared now for the GDPR and not wait until the last minute.

White House Secret Memo Details Broad U.S. Strategy to Crack Phones
Feb 22, 2016

A newly disclosed memo from the White House reveals a hidden plan to find encryption workarounds. The government is trying to set a precedent for technology companies to build backdoors into mobile devices, which may leave those devices vulnerable to hacking. If the government gets what it wants, the potential would exist to unlock any phone in someone’s physical possession.

Obama Creates National Cybersecurity Commission
Feb 09, 2016

CSR is excited to see that the White House fully endorses our recommendations to all businesses, large and small, to proactively plan and protect their private data.

 

Post-Breach Costs and Impact Can Last Years
Feb 02, 2016

A new study finds that a majority of businesses feel the financial impact of a breach for months, or even years. Financial strains can come from a variety of different sources, depending on the type of business. One common factor, though, is the need to increase security after a breach. Did you know that CSR’s Readiness program can help small and medium businesses prepare in advance to help limit the risk and fallout from a breach?