Posts By: SethJaffe

Texas Narrows the Data Breach Notification Timeline

By Seth Jaffe. Last month, the Texas Legislature enacted H.B. 4390, which modified the Texas data breach notification law, narrowing the notification from “as quickly as possible,” to “without unreasonable…

Canada’s Breach Notification Regulation Goes into Effect Today

Back in April, Canada adopted additional regulations related to its cyber security law, the Personal Information Protection and Electronic Documents Act (“PIPEDA”). The new regulations dictate requirements for reporting a data breach and they go into effect November 1, 2018. Specifically, a report to Canada’s Office of the Privacy Commissioner must contain: a description of [...]

Speed Warp – The Data Breach Notification Hustle

By Seth Jaffe. Companies are starting to feel the squeeze of compressed data breach notification time frames. Facebook is a prime example. Going by the wayside are the loose timelines for notifying agencies or data subjects, only to be replaced by concrete notification windows. At present, just under 20 states have injected specific time frame [...]

Is Your Cybersecurity Program Protecting Against Hardware Threats?

By Seth Jaffe. Last week, Bloomberg exposed a hardware backdoor surreptitiously placed on circuit boards by operatives from a unit of the China People’s Liberation Army. This tactic is not new. Indeed, the article claimed that U.S. officials had caught China attempting this in the past. Edward Snowden, back in 2014, famously accused the NSA [...]

Cyber Security ROI: It may happen sooner than you think

By Seth Jaffe. You’ve heard it before. Companies are slow to invest in cyber security because they see few returns.[1] But that is likely to change, and it may occur sooner than we expected. Let’s first set the context. An executive recently made the comment to me that “cyber security is just another cost of [...]

Alabama Requires Entities to Safeguard Sensitive Information

By Seth Jaffe. Alabama recently became the 50th state to pass a data breach notification law, but in doing so, the state upped the ante by including security obligations generally found in industry-specific cyber security laws. I’ve written about the Eight Principles of Cyber Security Laws in a prior blog post. Alabama adopted seven of [...]

The 8 Principles of Cyber Security Laws

By Seth Jaffe. The United States has yet to promulgate a comprehensive federal cyber security law aimed at improving the cyber hygiene of companies serving its citizens. But a collation of industry-specific laws (both federal and state), proposed bills, guidance documents, and cyber strategies yields a fair indication of where our nation is headed. This [...]

When It Comes to Cyber Security, Lack of Vendor Oversight Can Lead to Legal Trouble

By Seth Jaffe. Third-party cyber security programs got a shot in the arm this week in the form of two legal actions. The first, well summarized by Sue Ross over at Norton Rose Fulbright, is a proposed consent agreement by the Federal Trade Commission against mobile phone manufacturer BLU Products, Inc., alleging that BLU’s failure [...]

Securing Financial Institution Core Migration

By Seth Jaffe. The Credit Union Information Security Professionals Association held its yearly meeting last week in San Antonio. One of the topics that came up often was core migration, a security issue that just got a booster shot from Tuesday’s article by Brian Krebs on that very subject. One of Krebs’ colleagues received an [...]

What the Hawaii Missile Scare Can Teach Incident Response Teams

By Seth Jaffe. Heads finally rolled over at Hawaii’s Emergency Management Agency. What can the incident response community take away from this latest real-life example? Procedures, Rules, and Communication Protocols, which are the underlying principles of a modern incident response program. I’ve written about all three in prior incident response posts, but let’s apply them [...]

Security Provisions Negotiation in the Wake of the OCC Risk Report

By Seth Jaffe. The “severity of cyber threats is increasing.” It’s something most of us inherently understand, but now we have the Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”) weighing in with its Fall Risk Report for banks and savings associations. The OCC has been sounding the alarm for years [...]

Proposed Data Breach Prevention and Compensation Act of 2018

In what appears to be a direct response to last year’s Equifax Breach, Senators Elizabeth Warren and Mark Warner introduced, this week, the Data Breach Prevention and Compensation Act, directly targeting large Credit Reporting Agencies (“CRAs”) like Equifax, Experian, and TransUnion. The Act comes with quite a sting, allowing for fines of up to 75% [...]