Information Risk

Subscribe to Information Risk via RSS

In Guidance Update No. 2015-02, the Division of Investment Management (Division) of the Securities and Exchange Commission (SEC) issued some high-level suggestions concerning the importance of cybersecurity for registered investment companies and registered investment advisers. The guidance outlines a number of measures these entities should consider for addressing cybersecurity risks. Of course, while some

As reported on our Benefits Law Advisor, the EEOC has issued proposed wellness program regulations. Much of the attention to those proposed rules understandably will be how they would affect the incentives employers have implemented to spur their employees to engage in healthier behaviors. The proposed rules also address, however, the confidentiality provisions under

As discussed in an earlier post, shortly after the United States Postal Service reported a data breach potentially affecting hundreds of thousands of  employees, the American Postal Workers Union filed an unfair labor practice with the National Labor Relations Board alleging the Postal Service should have bargained with the union over the impact and

Many mobile app developers do not place a high priority on data security, as illustrated by a recent IBM/Ponemon study:

  • Fifty percent of mobile app developers have no budget for security.
  • Forty percent of companies don’t scan mobile app codes for vulnerabilities.
  • The average company tests less than half of the apps it builds

With breaches caused by payment card thieves and hackers dominating the news, it is easy for mid-sized and small companies to think that data breaches are unfortunate events that affect only large companies. Not only is this sentiment misguided, but in relative terms the information contained in exposed emails can cause far more damage to 

This year’s IAPP Global Privacy Summit was very informative on a number of fronts, including the helpful insight provided by officials at the Federal Trade Commission (FTC) on a range of topics. A good summary of some of their comments can be found here, which includes concerns they expressed about the Consumer Privacy Bill

Reacting to a report that identity theft was a top concern for Illinois residents (second in a list of ten), Attorney General Lisa Madigan announced a legislative proposal to strengthen the state’s existing data breach notification law. The call for stronger breach notification laws is a trend that has emerged in other states, such as

The first massive data breach of 2015 hit one of the country’s largest insurance issuers, Anthem, Inc., including Anthem Blue Cross and Blue Shield and other related entities (Anthem). The incident reportedly affected over 80 million persons who are or were covered under a policy or program insured or serviced by Anthem. The personal note

Earlier this month, the New York Attorney General Eric T. Schneiderman announced a legislative proposal that would strengthen protections for private information by expanding the state’s breach notification law to cover e-mails, passwords and health data, require companies to implement data security measures, and notify consumers and employees in the event of a breach. If

As the vast array of internet-connected devices mushrooms, and technologies permit those devices to communicate with one another, calls for privacy and security can be heard. On the heels of a recent victory in the ongoing LabMD case, the Federal Trade Commission (FTC) announced yesterday “concrete steps” businesses can take to enhance the privacy