Will Facebook's IPO Cybersecurity Disclosures Set the Tone Under SEC's New Guidance?
by Robert A. Oestreicher, Baker Hostetler

Facebook filed its long-awaited Form S-1 with the SEC on February 1. Given the nature of its business, concerns regarding data privacy were peppered throughout the filing. While other business risk factors may be paramount (e.g., reliance on Zynga, slowing growth, etc.), data privacy has been and will continue to be an important issue for Facebook.

For instance, in November 2011 Facebook settled a case with the FTC in which it agreed to subject itself to bi-annual privacy audits for the next 20 years. Using this example, the filing states that Facebook expects to continue to be subject to similar regulatory investigations regarding privacy going forward.

The filing also cites new and changing laws and regulations regarding data privacy, both U.S. and foreign, as potentially having the following negative consequences for Facebook’s core business:

“[Such laws and regulations] can be costly to comply with and can delay or impede the development of new products, result in negative publicity, increase our operating costs, require significant management time and attention, and subject us to claims or other remedies, including fines or demands that we modify or cease existing business practices.”

Considering the risks presented by continued pressure on the data privacy front, Facebook says it is not taking any chances, putting in place “a dedicated team of privacy professionals who are involved in new product and feature development from design through launch; ongoing review and monitoring of the way data is handled by existing features and apps; and rigorous data security practices.”

Facebook’s cybersecurity disclosure is a fairly sophisticated example of a disclosure prepared in the wake of the SEC’s recently released guidance on this topic. It could be seen as a blueprint for other companies going forward.

By contrast, VeriSign is facing scrutiny for waiting until September 2011 to disclose successful attacks against its corporate network that occurred in 2010. VeriSign’s 2011 disclosure contained little information about the nature of the attacks, the type of data that was taken, and the remedial measures that were taken. VeriSign did insist that its SSL business had not been compromised.
