Security News Curated from across the world
“Victims are protected by federal law from having to pay the fraudulent charges, so the loss is primarily of time,” says Beth Givens, founder of the nonprofit Privacy Rights Clearinghouse.
Attorneys at the FTC are still working out exactly which losses will be covered.
One qualified expense: the cost of credit monitoring for victims who discovered the fraud before ChoicePoint notified them of the breach and offered free credit monitoring.
http://www.csoonline.com/read/040106/penalty.html
One bill, sponsored by Massachusetts Democrat Edward Markey, would require the FTC to make new rules limiting the sale and purchase of those identifiers, with exceptions for law enforcement, public health, certain emergency situations and selected research projects.
Another measure, sponsored by Florida Republican Clay Shaw, would restrict the display of SSNs on credit reports and on various government-issued documents and identification tags.
Several federal laws, including the Fair Credit Reporting Act and the Health Insurance Portability and Accountability Act, better known as HIPAA, also include restrictions on use and disclosure of the identifiers.
http://news.com.com/Congress+may+slap+restrictions+on+SSN+use/2100-7348_3-6071441.html?tag=nefd.top
The bills differ in several ways, including varying requirements about when a breached company should notify customers and whether consumers should be able to freeze their credit reports following a breach. Beyond the confusion about the differences in the bills, five congressional committees have claimed jurisdiction over some of the data breach bills.
Two data breach notification bills have passed through Senate committees and are awaiting action on the Senate floor, and two other bills are awaiting action on the House floor.
Dianne Feinstein, a California Democrat and early advocate for a national data breach notification law, said he’s still hopeful a law will get through Congress this year, but others are less optimistic.
Both the House and the Senate have targeted Oct. 6 to adjourn for the year, giving lawmakers about a month to campaign for the November general elections.
http://www2.csoonline.com/blog_view.html?CID=20859
Guidelines for this directive include:
· There should be an incentive for providers to contribute to the overall security of interconnected networks rather than protecting merely their own resources.
· Providers need to be more proactive and monitor their networks for risks of security breaches. Providers could also be asked to report which networks they monitor.
· This includes guidance to consumers as well as guidance to the provider’s staff, in particular with regard to incident response and emergency planning.
· The need for contact details for email abuse and security violations should also be stressed.
Providers in Europe are more concerned about spam emails that their customers receive than they are concerned with spam that their customers send.
http://www.enisa.eu.int/doc/pdf/deliverables/enisa_security_spam.pdf
The record indicates that TTPs are available to provide a variety of services for CALEA compliance to carriers, including processing requests for intercepts, conducting electronic surveillance, and delivering relevant information to LEAs. Fifth, the Order restricts the availability of compliance extensions under CALEA section 107(c) to equipment, facilities and services deployed prior to October 25, 1998 and clarifies the role and scope of CALEA section 109(b), under which carriers may be reimbursed for their CALEA compliance costs. Seventh, the Order concludes that carriers are responsible for CALEA development and implementation costs for post-January 1, 1995 equipment and facilities, and declines to adopt a national surcharge to recover CALEA costs. -FCC-
http://www.itu.int/osg/spu/newslog/FCC+Adopts+Order+To+Enable+Law+Enforcement+Access+To+Broadband+And+VoIP+Providers.aspx
“The study further shows that European corporate privacy leaders are more likely to hold the view that their role is inextricably tied to advancing a culture of responsible information use rather than establishing technical or administrative controls over privacy and data protection,” said Larry Ponemon, founder of the Ponemon Institute, who led the research team. Most European companies have a strict “no share” policy for consumer and employee data.
US companies are more likely to employ information security technologies to protect or safeguard sensitive personal information than European firms, including the use of encryption, intrusion detection systems and website monitoring.
Whether in established or emerging markets, the hallmark of White & Case is our complete dedication to the business priorities and legal needs of our clients.
http://www.whitecase.com/news/Detail.aspx?news=1091