<?xml version="1.0"?>
<rss version="2.0">
   <channel>
      <title>SC Magazine Weekly Discussion - Laws &amp; Regulations by Dr MJ Frederick</title>
      <link>https://padlet.com/mj_frederick/8mtefztm9muw</link>
      <description>CTS 1120.0M1</description>
      <language>en-us</language>
      <pubDate>2018-08-23 19:16:27 UTC</pubDate>
      <lastBuildDate>2018-10-10 02:36:50 UTC</lastBuildDate>
      <webMaster>hello@padlet.com</webMaster>
      <image>
         <url></url>
      </image>
      <item>
         <title>Group 2 (Jesse Roberts and Jared Futral) </title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290491697</link>
         <description><![CDATA[<div>     This article is about the 'Right to be Forgotten.' Currently this is only a law in the European Union and Argentina. One issue with this case is which court of law presides over this matter. Google is an American corporation but they have servers worldwide, mainly due to their presence in cloud technology. Because they have servers in EU domain, EU law can demand the data be taken down on servers within their territory. In America, there is no Right to be Forgotten; because of this, Google is within the law for this data to remain on their servers and in public access.&nbsp;<br>     The American people are evenly split on this issue. Many find this idea to contradict the Freedom of Expression and Free Speech. Others recognize the harm of having "inaccurate, irrelevant, inadequate, or excessive" data where the public can access it. Most Americans that are proponents of some form of Right to be Forgotten strictly target inaccurate and false data which harms a person's quality of life. In the past, U.S. courts have ruled there to be "limits to the right to control one's life and facts about oneself," and that a person cannot ignore data simply because they want to.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/network-security/google-gets-sued-for-denying-right-to-be-forgotten-request/" />
         <pubDate>2018-10-08 20:57:54 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290491697</guid>
      </item>
      <item>
         <title>Group 1</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290521035</link>
         <description><![CDATA[<div>The article discusses a proposed law that would report any data breaches in the financial sector to consumers in a timely manner. This would be a federal law, and as such, will supersede any reporting laws that are currently in place in state law. This standardization will allow financial institutions to develop and utilize a framework across the board to allow for more efficient reporting of breaches. In turn, this will allow easier government enforcement of disclosure if a successful attack occurs, hopefully leading to better confidence in the security of consumers' financial data.<br><br><a href="https://www.scmagazine.com/home/news/national-breach-notification-law-would-usurp-patchwork-of-state-laws/">https://www.scmagazine.com/home/news/national-breach-notification-law-would-usurp-patchwork-of-state-laws/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-10-09 00:18:26 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290521035</guid>
      </item>
      <item>
         <title>Group 5</title>
         <author>mark_deel</author>
         <link>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290565140</link>
         <description><![CDATA[<div>This article is about the bipartisan legislation to modernize the Department of Homeland Security's Continuous Diagnostics Mitigation and make it a recognized program.  CDM will provide automation for our cyber security activities.<br><br></div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/news/bill-to-codify-dhs-cyber-program-introduced-into-senate-after-passing-house/" />
         <pubDate>2018-10-09 05:26:34 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290565140</guid>
      </item>
      <item>
         <title>Group 8</title>
         <author>david_carman</author>
         <link>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290567131</link>
         <description><![CDATA[<div>This article covers a report that found how much not following regulations, self-auditing, and training employees properly can cost a company. On average a non-complying company spends more than twice that of a company with an effective compliance program on compliance related costs. In some industries, such as financial services, there is almost a 600% difference in compliance costs.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/opinions/blogs/executive-insight/the-staggering-costs-of-non-compliance/" />
         <pubDate>2018-10-09 05:45:26 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290567131</guid>
      </item>
      <item>
         <title>Group 6</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290703508</link>
         <description><![CDATA[<div>https://www.scmagazine.com/home/news/national-breach-notification-law-would-usurp-patchwork-of-state-laws/ <br><br>It is necessary that laws are starting to circle around data breaches that can affect us financially. Since many of our finances are tied to the digital world, aside from the very few people who would only use cash hidden in pillowcases and around their house, a data breach to a financial institution could cost millions of people their lives. There have been several cases that have already happened that prove these actions are necessary. JPMorgan Chase was cyberattacked in summer 2014, which led to disruption of almost 80 million houses and 7 million businesses, costing the bank one billion dollars. In 2012, Global Payments Inc. took a big hit on its North American servers as 1.5 million card accounts got hacked and data was stolen. Citibank had known of a digital vulnerability, resulting in a $19.4 million loss and affecting 360,000 credit holders. Again in 2009, 130 million cards were compromised with Heartland Payment Systems from a breach that resulted in a $2.8 billion cost. There are several other cases not listed here, but it is important to note that even high-security financial institutions can be breached.<br><br>The recent bipartisan amendment to the Gramm-Leach-Bliley Act, or GLBA, hopes to empower consumers to better protect themselves if and when a breach or compromise occurs. It would mandate that financial institutions who are made aware of any breach notify their affected customers within a set period of time following the incident. It offers a standardization of existing laws that would supersede current state laws that may be lacking, and may mean that a consumer is able to take action before such a compromise negatively impacts them and their financial well-being.<br><br>First, you’ll want to check and confirm if you were affected by the breach. 
Companies are required to notify consumers of the incident; some companies may provide links to check if you were affected, and others may just tell you the situation. Companies may offer free services to help those affected; take advantage of the free perks. After that you’d want to know the potential impact of the breach to ensure your credit, address, social security or email information wasn’t breached. From there, check your credit reports and bank statements actively to notice any changes in case of identity theft. If there are, call or go to your bank immediately and clear things up. You may have to consider doing a credit freeze to ensure no new accounts get opened in your name. In the case that companies learned about the situation too late and you are already a victim of acts of identity theft, placing Fraud Alerts on your accounts to inform creditors of your situation of being a victim could help find anyone using your information. If you find out someone is using your information, report it, and websites like Identitytheft.gov will help you with reporting that information.<br><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-10-09 13:00:32 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290703508</guid>
      </item>
      <item>
         <title>Group 7 (Nate Orolfo)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290801195</link>
         <description><![CDATA[<div>The Internet Association has expressed their favor in national regulation with regards to internet privacy. This comes from the many separate laws and regulations that reside in state level jurisdiction which differ across each border. With a national policy, companies and agencies need to adhere to the national law in conjunction with state laws, patching up the loopholes that exist within current laws.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/news/internet-companies-push-for-national-privacy-law/" />
         <pubDate>2018-10-09 15:17:41 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290801195</guid>
      </item>
      <item>
         <title>Group 11</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290807229</link>
         <description><![CDATA[<div><a href="https://www.scmagazine.com/home/news/weak-passwords-outlawed-out-west-california-law-aims-to-secure-iot-devices/">https://www.scmagazine.com/home/news/weak-passwords-outlawed-out-west-california-law-aims-to-secure-iot-devices/</a><br><br>This article is about a law passed in California banning what are known as "weak" passwords. It is scheduled to go into effect in 2020. This law mandates that companies require users to either have strong passwords or have a more secure way for users to login to a site. This government intervention may or may not help the password security problem because, as we discussed in earlier classes, requesting more difficult passwords also leads to users repeating the same password for many sites, which is counterproductive where security is concerned. This law seems to address one aspect of the problem but isn't a silver bullet. The law also pushes for a stronger alternative to passwords which may help address this security issue more effectively.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/news/weak-passwords-outlawed-out-west-california-law-aims-to-secure-iot-devices/" />
         <pubDate>2018-10-09 15:25:13 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8mtefztm9muw/wish/290807229</guid>
      </item>
      <item>
         <title>Group 3</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8mtefztm9muw/wish/291037460</link>
         <description><![CDATA[<div><a href="https://www.scmagazine.com/home/news/privacy-compliance/disney-sued-accused-of-violating-child-data-privacy-laws/">https://www.scmagazine.com/home/news/privacy-compliance/disney-sued-accused-of-violating-child-data-privacy-laws/</a><br><br>Last year, Disney was accused of violating COPPA, and faced a lawsuit (not their first one) for it.&nbsp; The accusation states that Disney apps allow third parties to collect information about certain web activity in order to subject them to "behavioral advertising."<br><br>Disney responded by stating that it has a "robust COPPA compliance program" and that "the complaint is based on a fundamental misunderstanding of COPPA principles." &nbsp;<br><br>This issue highlights a gray area in COPPA regarding what data should be protected.&nbsp; Although the apps weren't collecting traditional PII, they were collecting information about the habits of an individual. &nbsp; As the article states:&nbsp;<br><br>“The definition of personally identifiable information includes the concept of persistent identifiers — mechanisms such as cookies, unique device identifiers, or IP addresses, that can be used to identify a user over time and across different sites, even if the user’s name and address are not collected,” Cherepennikova said. “Unfortunately, the very definition of what constitutes ‘personally identifiable’ is open for debate as new technologies and services emerge.”</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-10-10 00:26:49 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8mtefztm9muw/wish/291037460</guid>
      </item>
      <item>
         <title>Group 9</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8mtefztm9muw/wish/291046940</link>
         <description><![CDATA[<div><a href="https://www.scmagazine.com/home/news/navionics-misconfigured-mongodb-server-exposes-260000-records/">https://www.scmagazine.com/home/news/navionics-misconfigured-mongodb-server-exposes-260000-records/</a><br><br>Navionics, a marine navigation company owned by Garmin, was recently alerted of a breach in their information security. A cyber risk researcher found the vulnerability with a search engine, up to 19GB of data unprotected. Luckily it was brought to the attention of the company and secured before any malicious attackers got in, at least to the best of their knowledge.<br><br>Compliance with data protection rules and regulations could have helped prevent an exposure such as this.</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-10-10 01:22:09 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8mtefztm9muw/wish/291046940</guid>
      </item>
      <item>
         <title>Group 4</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/8mtefztm9muw/wish/291056602</link>
         <description><![CDATA[<div>This is an article about the Exactis Breach which exposed millions of records in the US this year. Although most of the information is personal in nature and it has not been found to be used in any major attacks yet, it is information that can be used to create phishing scams or other social engineering attacks that could compromise security on many levels and cost individuals immeasurable amounts of money in identity theft resolutions in the future. <br><br>-These types of breaches might be what eventually pushes the US to adopt stricter privacy laws in the near future, or at least we can hope. </div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/news/privacy-compliance/exactis-breach-exposes-340m-records-may-compel-gdpr-like-reg-in-u-s/" />
         <pubDate>2018-10-10 02:23:16 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/8mtefztm9muw/wish/291056602</guid>
      </item>
   </channel>
</rss>
