Let’s Get More Serious About AR and Privacy


Augmented Reality (AR) is the technology of the moment. While some of us have already experienced the thrill of catching a Dragonite in Pokémon Go, AR is not all fun and games. Depending on how an AR gadget is used, it can have significant privacy implications.

EU GDPR Spotlight: 72-Hour Breach Notification Rule


One of the biggest and most controversial changes in the EU General Data Protection Regulation (GDPR) is the requirement that companies report breaches of consumers' personal data. Fortunately, we recently had the chance to talk with an expert on GDPR compliance to find out some of the subtler details. "Likely to Affect" The first key […]

HHS to Investigate Smaller HIPAA Privacy Breaches


As a reader of this blog, you know all about the Department of Health and Human Services' (HHS) "wall of shame." That's where breaches of protected health information (PHI) affecting 500 or more individuals are posted for the world to see. It's actually a requirement of HIPAA, technically of the HITECH Act. But now there's been a slight […]

New SamSam Ransomware Exploiting Old JBoss Vulnerability


One lesson from the uptick in ransomware attacks is that it pays to keep your security patches up to date. A few months ago the SamSam/Samas malware began having great success (and it still is) primarily against healthcare companies and hospitals. The attack vector, though, was not phishing or social engineering. […]

Six Authentication Experts You Should Follow


Our recent ebook shows what's wrong with current password-based authentication technology. But luckily, there are a few leading experts who are shaping the future of the post-password world. Here are six people you should follow: 1. Lorrie Cranor @lorrietweet Lorrie Cranor is a password researcher and is currently Chief Technologist at the US Federal Trade Commission. She is […]

Summer Reminder: Cloud Storage Ain’t All That Private


I’ve written before about the lack of privacy protections for consumers storing content in the cloud. In looking back over my notes, I’d forgotten just how few cloud privacy rights we have in the real world. Using the typical terms of service (ToS) from some major providers as a benchmark, your rights to the uploaded […]

Data Privacy US-Style: Our National Privacy Research Strategy


While the EU has been speeding ahead with its own digital privacy laws, the US has been taking its own steps. Did you know there’s a National Privacy Research Strategy (NPRS) white paper that lays out plans for federally funded research projects into data privacy? Sure, the Federal Trade Commission has taken up the data privacy […]

One Take Away from Black Hat 2016: Designer Ransomware!


We had an amazing week at Black Hat 2016. One topic on attendees' minds, besides hacking Jeeps and chip-and-PIN technology, was ransomware. A security analysis firm now warns that ransomware has become more clickable because the thieves are localizing their phishing mail. You should watch the video below for the full […]

What is the Minimum Acceptable Risk Standards for Exchanges (MAR-E)?


Under the Affordable Care Act (ACA) of 2010, there are now online marketplaces to buy health insurance. These are essentially websites that allow consumers to shop around for an insurance policy by comparing plans from different private providers. Result: US consumers can purchase health insurance using the same technology that allows them to buy books, […]

Hospitals (and Other Covered Entities) Will Be Randomly Selected for HIPAA Audits in 2016


With July coming to an end and the year more than half over, it's a good time to look at where we stand breach-wise. Your intuition may be telling you that 2016 has been a bad year, with hacking attacks reported daily. Your intuition is right. The Identity Theft Resource Center is my go-to resource […]

Understanding Canada: Ontario’s New Medical Breach Notification Provision (and Other Canadian Data Privacy Facts)


Remember Canada’s profusion of data privacy laws? The Personal Information Protection and Electronic Documents Act (PIPEDA) is the law that covers all commercial organizations across Canada. Canadian federal government agencies, though, are under a different law known as the Privacy Act. But then there are overriding laws at the provincial level. If a Canadian province […]