LATEST POST
New SEC Cybersecurity Disclosure Requirements Give Public Companies Only Four Days to Disclose Material Cybersecurity Incidents
This summer, the Securities and Exchange Commission (SEC) adopted rules to enhance and standardize disclosures by public companies regarding cybersecurity risk management, strategy, governance, and incidents. The rules will impose a number of new requirements, including disclosures regarding: Read more of this article at Workplace Privacy, Data Management & Security Report.
California Privacy Protection Agency Releases Draft Rules on Cybersecurity Audits and Risk Assessments
Ahead of its September 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft regulations on cybersecurity audits and risk assessments. Public comments will be requested once the formal rulemaking process is kicked off. Accordingly, the draft regulations are subject to change. Below are the key takeaways: Cybersecurity Audits Read more of this article at Inside […]
Russian Businessman Sentenced to Nine Years in Prison in $93 Million Hack-to-Trade Conspiracy
BOSTON – A Russian businessman was sentenced today in federal court in Boston for his involvement in an elaborate hack-to-trade scheme that netted approximately $93 million through securities trades based on confidential corporate information stolen from U.S. computer networks. Vladislav Klyushin, a/k/a “Vladislav Kliushin,” 42, of Moscow, Russia, was sentenced by U.S. District Court Judge […]
The Government Isn’t Sure How to Get Small Hospitals to Take Cybersecurity Seriously
The U.S. government is struggling to convince hospitals that they need to spend time and money fighting hackers and provide useful advice to them, a problem that could have lethal consequences as the country’s ransomware crisis rages on. “I don’t think we’ve figured out how to talk to the small and medium-sized organizations in a […]
Schneck Medical Center Settles State’s Lawsuit Over 2021 Data Breach
In September 2021, Jackson County Schneck Memorial Hospital (Schneck Medical Center) in Indiana disclosed that they had been a victim of a cyberattack. Their first statement is no longer available on their website but was archived by a news site. That statement did not disclose that personal and protected health information had been accessed and […]
Vendor Management from a U.S. Data Privacy Perspective
Given the increasing number of data privacy laws in the U.S., entering into appropriate data processing agreements (“DPAs”) with vendors has now become a critical component of vendor management. It can also be one of the most time-consuming and complex aspects of data privacy compliance. This article discusses when an organization should enter into a […]
Vivendi Ticketing US (“See Tickets”) notifying 323,498 consumers of payment card breach
Vivendi Ticketing US d/b/a See Tickets is notifying 323,498 consumers of a data security incident that compromised consumers’ payment card information. In a notification letter being sent this week, the ticket broker states that in May, they became aware of unusual activity on some of their e-commerce sites. Forensic specialists determined that unauthorized individuals had […]
Some Insights From IBM’s Cost of a Data Breach Report
Joe Lazzarotti at The Workplace Privacy, Data Management & Security Report calls our attention to some interesting findings in IBM’s annual Cost of a Data Breach Report. Some of these will not surprise you, but some may: Read more details on Workplace Privacy, Data Management & Security Report.