Privacy

NIST Sets Course For Handling Sensitive Data

The Snowden leaks were a wake-up call for U.S. Government agencies that the tools and processes to protect classified and sensitive data were woefully out of step with the current environment of small, capacious storage devices and powerful cloud-based secure communications and hosting platforms. But what about all the data that is stored on systems belonging to the (many) contractors that the government works with? Last week brings some clarification: a draft document from the National Institute of Standards and Technology (NIST) “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” (Draft Special Publication 800-171). The new NIST document outlines steps for protecting sensitive unclassified federal information that resides in nonfederal information systems and environments. Those include non-federal information systems that lie outside of the scope of existing laws like the Federal Information Security Management Act (FISMA) and any components of nonfederal systems that process, store, or transmit CUI. Read more […]

Continue Reading

With $200k Fine, FTC Finds Trust-e Not Very Trusty

The U.S. Federal Trade Commission fined TRUSTe, a for profit organization that is a leading provider of online reputations, $200,000 for misleading consumers about its web site monitoring services. On Monday, the Commission announced a settlement with TRUSTe over allegations that the company failed to perform annual compliance checks on more than 1,000 domains that earned its TRUSTe Certified Privacy Seal” between 2006 and 2013. The company also acknowledged making misleading statements about its for-profit status. “TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge,” said FTC Chairwoman Edith Ramirez in an official statement. “Self-regulation plays an important role in helping to protect consumers. But when companies fail to live up to their promises to consumers, the FTC will not hesitate to take action.” TRUSTe is a critical player in the online trust business. The company provides seals to businesses that meet […]

Continue Reading

Automakers Issue Privacy Guidelines For Connected Cars

A group representing some of the leading foreign automakers who sell in the U.S. released guidelines to protect consumer data collected by in-vehicle technologies and make sure that car owners consent to the collection of everything from geolocation data to biometric identifiers. The group, Global Automakers, represents foreign auto manufacturers and original equipment makers (OEMs). The Privacy Principles document (PDF here) include guidance on issues like transparency, anonymity and security and are intended to set ground rules for the collection and use of driver or owner information by increasingly sensor-rich vehicles. “As modern cars not only share the road but will in the not too distant future communicate with one another, vigilance over the privacy of our customers and the security of vehicle systems is an imperative,” said Global Automakers President and CEO John Bozzella in a published statement.  The Privacy Principles are voluntary are are based on the U.S. Federal Trade […]

Continue Reading

Supply Chain Risk Escapes Notice At Many Firms

Online attacks that come by way of suppliers and other third party business partners are one of the biggest threats that modern organizations face. But too few firms are giving supply chain security the attention it deserves, a panel of legal and information security experts told attendees at a cyber security forum in Boston on Wednesday. Companies need to protect their exposure through third parties better, according to the panel: beefing up auditing of internal- and partner assets and including contractual protections that will indemnify them in the event that a breach at a supplier or business partner exposes data that materially affects their firm. The panel, “Fortifying the Supply Chain,” was part of a day long event at The Federal Reserve in Boston and sponsored by the Advanced Cyber Security Center, a technology industry consortium. It brought together top legal and information security experts, including FireEye researcher Alex Lanstein and Jim Halpert, the […]

Continue Reading

Metadata Matters: EFF To Argue Collection Violates Constitution

Lawyers from The Electronic Frontier Foundation will argue on Tuesday that the U.S. government’s bulk collection of phone records and other “metadata” is a violation of the Constitution’s protection against unlawful searches. In a blog post on Monday, EFF said that it plans to make oral arguments before the D.C. Circuit Court of Appeals on Tuesday and will argue that the call records collected by the government constitute “intimate portraits of the lives of millions of Americans” that are protected under the Constitution’s Fourth Amendment. The EFF is presenting in the Klayman vs. Obama, a 2013 case filed by Larry Klayman, conservative activist, in the immediate aftermath of the publication of data leaked by former NSA contractor Edward Snowden. EFF and the ACLU filed an amicus brief in that case in August. The government’s argument is that the bulk collection of phone records is legal under a precedent called “third party doctrine,” which […]

Continue Reading
1 14 15 16 17 18 47