Should You Go "All In" with the Cloud? (And How to Manage That Risk)

While references to “the cloud” and “cloud computing” are significantly more familiar than they were five years ago, it remains clear that many organizations implement cloud resources ineffectively – or at least do not understand the implications of the shift. Some all-too-common lines of thinking: We’ve moved our applications to our cloud provider – what does that have to do with our software development life cycle?; Our cloud-platform provider is responsible for securing our applications and data; or We’ve outsourced that – and all the… more

Early Lessons from the Marriott Breach

On November 30th, Marriott announced that a guest reservation database on the Starwood side of its business had been breached. Initial reports indicated that upwards of 500 million individuals were affected. The stolen data includes quite sensitive information, such as guest passport details and, likely, payment card information. Although it will probably take time before we fully understand the details of the incident – which appears to have continued unabated since 2014 – there are lessons that we can learn from the details already in… more

Call Me, Maybe

$4.8 million. That is an impressive class-action settlement number, particularly when you consider that the automated calls and texts triggering the litigation and settlement arose from a single auto dealership. The auto dealer allegedly (link to complaint) violated the federal Telephone Consumer Protection Act (TCPA) by engaging a third party to deliver ringless voice and text messages to the cell phones of prospective buyers. Beyond the lessons learned by this individual business, the broader message for all organizations is a.) that it continues to be… more

A recent Harris Poll surveyed adults on the topic of corporate social responsibility and found, not surprisingly, that a majority of those asked stated that companies should – or perhaps “ought” – to have a mission beyond profit. What was surprising is that data privacy surpassed healthcare or even supporting veterans as the social issue that people most want companies to address. This follows an April 2018 poll sponsored by IBM evidencing deep concern among consumers about data security. Specifically, 73% of respondents indicated that businesses… more

The Benefits of the NIST Cybersecurity Framework for the Private Sector

Organizations of all types are increasingly subject to data theft and loss, whether the asset is customer information, intellectual property, or sensitive company files. The federal government and, thus, its private contractors have long relied upon the National Institute for Standards and Technology (within the Commerce Department) to develop standards and guidance for information protection. One of the most important of these is the fairly recent Cybersecurity Framework, which helps provide structure and context to cybersecurity. Private-sector organizations should be motivated to implement the NIST… more

The Importance of Context with Genetic Privacy

As consumers, when we think of privacy, one of the first adjectives that springs to mind should be “inconsistent.” Consumers claim to want their personal information used only for the purposes they originally provided it, and protected until (somewhat famously) they are asked to exchange their passwords for chocolate. This privacy paradox has been supported both anecdotally and with data-based studies. Without biting into the question of the quality of chocolate offered in the password exchange, the general point remains that individuals’ comfort levels appear… more

The Continuing Challenge of Cybersecurity Hygiene in Digital Health and Life Sciences

A recent issue of MIT’s Technology Review magazine is titled, “Look how far precision medicine has come.“ At least part of the premise is that personalized medicine or precision medicine is not perceived as having made the great strides promised nearly 20 years ago, when genome mapping was increasingly feasible and affordable. What is not up for debate is the extent to which life sciences and digital health firms rely upon increasingly distributed data collection and analytics. The data security challenges confronting healthcare delivery become… more

What the California Consumer Privacy Act Means for Marketers and Marketing

Just a month after the EU General Data Protection Regulation became effective, California enacted the Consumer Privacy Act of 2018, which has caused almost as much concern among organizations doing business there. Given the size of the state’s population and economy, a huge number of both domestic and international companies will be covered by the law when it becomes effective on January 1, 2020. What the CCPA Requires The CCPA includes several requirements that will be familiar to those still enjoying the obligations of the… more

The Likelihood of Company Executives Being Fired Post-Data Breach – It Isn't Pretty

In April 2018, Verizon released the 11th edition of its Data Breach Investigations Report. As usual, the Verizon DBIR contained interesting data points culled from more than 53,000 incidents and 2,216 confirmed data breaches. It won’t come as a surprise to many to learn that outside agents were responsible for the majority (73%) of cyberattacks in 2017. What may be surprising, though – and is undoubtedly disconcerting – is the assertion that internal actors (i.e., employees and contractors) were behind 28% of data breaches, with financial gain and… more