Tag Archives: data security

HR Bewar(y): Job applications and resumes could have ransomware attached

You recently engaged a contract HR recruiter to work onsite helping with increased hiring. The contractor is reviewing hundreds of job applications for several new job postings. Not surprisingly, many of the job applications have a PDF resume attached. The contract recruiter clicks on one of the attached resumes and enables the associated macro to … Continue Reading

After the Love Has Gone: Anticipating Data Issues in Your Contract Process

Any agreement between two parties begins with the rosy optimism that the good times will last forever. In the world of technology licensing and development, however, we know this is rarely the case. While this blog has previously considered data security oversight by the board of directors of the company, it is also important for … Continue Reading

New York proposes first cybersecurity rules

New York proposed first-of-its-kind cybersecurity regulations on Sept. 13, 2016. The proposed rules would apply only to banks, insurers, and other financial services companies regulated by the New York Department of Financial Services (“DFS”). However, the sweeping nature of the regulations and New York’s role as a banking center are likely to make the rules … Continue Reading

A Brief History of Bank Privacy

With all due respect to noted astrophysicist Stephen Hawking, this blog post will attempt to explain the bank privacy universe in a tiny package. Many tend to think “bank privacy” began with the Gramm-Leach-Bliley Act (“GLB” and technically The Financial Services Modernization Act of 1999). But this perspective misstates the origin of bank privacy and … Continue Reading

Terms of Use and Privacy Policy: Your navigation system in the ocean of e-commerce

Posting a terms of use document on your website or mobile application defines the terms that govern your customers’ use of your website or mobile application and greatly reduces your exposure to liability when providing goods or services through a web-based application. A privacy policy describes to your consumers what information you collect, how you collect … Continue Reading

HIPAA punches a serious blow: Advocate Health enters into $5.5-million settlement for violations

Anytime we conduct a training, we can’t help but turn blue in the face repeating over and over again the importance of conducting an accurate and thorough risk analysis of electronic PHI (ePHI). In the event of a breach or an audit, one of the first items the Office of Civil Rights (OCR) will ask … Continue Reading

Houston (Astros), We Have a Problem

Those in the privacy and data security (or baseball) world should be familiar with the St. Louis Cardinals and Houston Astros hacking incident. Former St. Louis Cardinals’ scouting director, Chris Correa, was recently sentenced to 46 months and ordered to pay restitution after pleading guilty to five counts of unauthorized access of a protected (Astros) … Continue Reading

Recent changes to states’ data security laws

States are updating their data security statutes in response to the increasing number of data breaches that are exposing residents’ personal information to unauthorized users. Two states in particular – Illinois and Tennessee – recently made sweeping changes to their respective data security statutes in an attempt to make organizations more responsive in light of … Continue Reading

Marketing in the age of data security

Technology has changed the way businesses market themselves to consumers. Businesses now have the ability to identify shifting consumer preferences, launch highly targeted advertising campaigns, and communicate instantly with potential customers. One thing this new marketing has in common? Consumer data. As marketing technologies evolve, companies should be aware that the myriad of data security … Continue Reading

Even your momma needs to comply with PCI DSS

It seems that everyone accepts credit cards nowadays – including the farmer who sells produce at my local farmer’s market (which I appreciate because I never have cash)! Anyone who accepts credit cards or debit cards, even a sole proprietor who processes a small number of transactions, must be in compliance with the Payment Card … Continue Reading

There’s a new privacy boss in town

For the first time in its enforcement history, the Consumer Financial Protection Bureau (“CFPB”) took action against a company for deceiving consumers about the company’s data security practices. The CFPB found that Dwolla, Inc. (“Dwolla”), an online payment system, made numerous false promises about the strength and extent of its data security practices. The CFPB’s action … Continue Reading

Information Governance in 2015 – did we learn anything?

2015 was quite a year for Information Governance, and it’s now time for a year-end post.  I’ve neither the prescience nor patience for making predictions, and after briefly flirting with a Star Wars/Holiday mash-up, I remembered that’s been done before, with tragic results. So, all that’s left is a single question, which may be the only … Continue Reading

Security, Data Breach & The Bottom Line: A Forecast For Manufacturers

Husch Blackwell along with CBIZ and UMB co-sponsored Security, Data Breach & The Bottom Line: A Forecast For Manufacturers on Oct. 29 at Boulevard Brewery in Kansas City. Seventy people attended the manufacturing-focused seminar, which covered various areas of vulnerability specific to manufacturers and included a special keynote by AUSA, John Cowles and FBI Agent Chris … Continue Reading
LexBlog