Will Facebook's IPO Cybersecurity Disclosures Set the Tone Under SEC's New Guidance?
by Robert A. Oestreicher, Baker Hostetler

Facebook filed its long-awaited Form S-1 with the SEC on February 1. Given the nature of its business, concerns regarding data privacy were peppered throughout the filing. While other business risk factors may be paramount (e.g., reliance on Zynga, slowing growth, etc.), data privacy has been and will continue to be an important issue for Facebook.

For instance, in November 2011 Facebook settled a case with the FTC in which it agreed to subject itself to bi-annual privacy audits for the next 20 years. Using this example, the filing states that Facebook expects to continue to be subject to similar regulatory investigations regarding privacy going forward.

The filing also cites new and changing laws and regulations regarding data privacy, both U.S. and foreign, as potentially having the following negative consequences on Facebook’s core business:

“[Such laws and regulations] can be costly to comply with and can delay or impede the development of new products, result in negative publicity, increase our operating costs, require significant management time and attention, and subject us to claims or other remedies, including fines or demands that we modify or cease existing business practices.”

Considering the risks presented by continued pressure on the data privacy front, Facebook says it is not taking any chances, putting in place “a dedicated team of privacy professionals who are involved in new product and feature development from design through launch; ongoing review and monitoring of the way data is handled by existing features and apps; and rigorous data security practices.”

Facebook’s cybersecurity disclosure is a fairly sophisticated example of a disclosure prepared after the SEC released its relatively recent guidance on this topic. It could be seen as a blueprint for other companies going forward.

By contrast, VeriSign is facing scrutiny for waiting until September 2011 to disclose successful attacks against its corporate network that occurred in 2010. VeriSign’s 2011 disclosure contained little information about the nature of the attacks, the type of data that was taken, or the remedial measures adopted. VeriSign did insist that its SSL business had not been compromised.
