Information Security Breaches & The Law

Buzz Lightyear Saved from Data Death

Backup-Battalion-Saves-World-From-Intergalactic-Data-Disasters-featured_image

About this blog

This blog, written in English, French, Portuguese and Spanish includes opinions, comments on recent news, laws or other developments, research notes and conference reports in the area of information security breaches, mainly in Europe, the United States and Latin America.

It also features a "Library" that includes links to recent reports and surveys, practical guides, blogs and websites in the area, upcoming conferences, new data breach notification bills and laws, and other related resources.

It should be of interest to company executives concerned with information security issues in their business, as well as to professionals practicing in the field of information security, privacy and data protection, along with the interested general public.

The blog’s editor is Cédric Laurant, and Marie-Andrée Weiss and him the main authors.

Categories
Pages
Annie C. Bai Armando Becerra Brazil Canada Canadian Law Central America Central American Law Colombia Comments Conferences Countries Cédric Laurant English Español EU Law Europe European Union Farid Bouguettaya France Français Germany Infographics Interviews Joseph Santangelo Latin America Law Marie-Andrée Weiss Mexico News Non-EU North America Notes Online Backup Geeks Opinions Outlines Português Posts (Practical guides) Renato Leite Monteiro Reports & Surveys South America South American Law United States
Security Breach Library (latest items)
- Fortinet 2013 Cybercrime Report (December 2012) This paper explores the world of the cybercriminal, describes how they build and deploy attacks to harvest valuable data, and what you can do to fight back.
- Online Trust Alliance Data Protection & Breach Readiness Guide (February 2013) The goal of the 2013 Data Protection & Breach Readiness Guide is to provide prescribed guidelines that help businesses proactively develop a plan to minimize data collection, enhance data protection and to create a customer-centric incident response p
- Security & Defense Agenda, Cyber-security: "The vexed question of global rules – An independent report on cyber-preparedness around the world" (Feb. 2012) This report is made up of a survey of some 250 leading authorities worldwide and of interviews carried out in late 2011 and early 2012 with over 80 cyber-security experts in government, companies, international organisations and academia. It offers a glob
- Verizon, 2013 Data Breach Investigations report (April 2013) This report makes you discover stats that might surprise you: from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach.
May 2013

M T W T F S S

« Apr

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30 31
Blogroll (recommended reference websites)

May 2013
M	T	W	T	F	S	S
« Apr
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Buzz Lightyear Saved from Data Death

In a world where a residential fire occurs every 79 seconds, a laptop is stolen every 53 seconds and a hard drive crashes every 15 seconds, citizens are crying out for help. Do not fear, the Backup Battalion is here! Watch how these super-powered information protectors defend the planet from data-munching monsters and cloud-thrashing titans. Interested in joining the team? Then gather your favorite pair of spandex and read on!

Rate this:

Filed under English, Infographics, North America, Online Backup Geeks, United States · Tagged with backup, backup failure, computer virus, data loss, destruction, hardware failure, human error, Microsoft, NASA, Pixar, software corruption, T-Mobile, theft

Designer: Thomas Saur. Available at http://wall.alphacoders.com/big.php?i=10203.

How and Wow: Verizon’s Tactical Survey of Global Data Breaches

What is really happening on the ground with data breaches globally? The Verizon “2013 Data Breach Investigations Report” aggregates and analyzes data from over 47,000 data security incidents and 621 confirmed data breaches. Read this summation to acquaint yourself with the Report’s telling details, unexpected correlations and promising strategies for detection and prevention.

Rate this:

Filed under Annie C. Bai, Central America, English, Europe, European Union, Latin America, News, North America, Outlines, Reports & Surveys, South America · Tagged with data security breaches, data breaches, Verizon, data security incidents, threats, threat vectors, cyber espionage, social engineering, data breach targets, data attacks, attack methods, insiders, outside actors, internal actors, organized crime, state-affiliated action, political espionage, hacktivism, external threat, internal threat, threat actors, insider breaches, threatened assets, targeted assets, vulnerability, data in transit, data at rest, intrusions, threat actions, hacking, malware, authentication-based attacks, single-factor password, IT security, systemic weaknesses, network intrusions, threat detection, external parties

"Herring-Hall-Marvin Safe Co." (Caja fuerte, Museo de Minería de Nacozari, Estado de Sonora, México) (Photo courtesy of Ricardo Alonso (c) 2010. All rights reserved.) Available at http://www.flickr.com/photos/ricardo_alonso/4818845451.

Todo lo que querías saber sobre la notificación de vulneraciones de datos personales en la nueva legislación mexicana (2da parte)

Las empresas mexicanas no sólo tienen que cumplir con una ley de protección de datos en vigor desde enero del 2012 que les impone nuevas obligaciones y mejores medidas de seguridad. También tienen que estar listas para notificar a los titulares cuando sufran una vulneración a sus datos personales. Con amenazas como el espionaje industrial, ciber-criminales, empleados negligentes y rumores de ciber-guerra, no existe ninguna organización inmune a las fugas de datos. Esta entrada explica como estar preparado y como interpretar la reciente ley. (2da parte)

Rate this:

Filed under Armando Becerra, Cédric Laurant, Central America, Central American Law, Español, Interviews, Latin America, Mexico, Notes · Tagged with América Móvil, brechas de seguridad, datos personales, Estados Unidos, fallas de seguridad, Farmacias San Pablo, fuga de datos, fuga de información, hackeo, IFAI, Instituto Federal de Acceso a la Información y Protección de Datos, Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México), LFPDPPP, LinkedIn, medidas de seguridad, notificación de brechas de seguridad, notificación de vulneraciones de seguridad, plan de continuidad de negocio, Reglamento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México), RLFPDPPP, Telcel, TV Azteca, vulneración de datos personales, vulneración de seguridad

"Data Dump" by Seth Anderson (2008). Available at http://www.wylio.com/credits/Flickr/2704017177. Published under a CC BY-SA 2.0 license.

Todo lo que querías saber sobre la notificación de vulneraciones de datos personales en la nueva legislación mexicana (1ra parte)

Rate this:

"Everyday life of bits and bytes" by Rene Jakobson.

Towards a New Personal Data Breach Notification Framework in the EU

The European Commission published recently a Proposal for a Regulation on personal data protection. If adopted, it would repeal the 1995 Data Protection Directive. The Proposal includes a new data security framework: both the data controller and the data processor would have to implement appropriate technical and organizational measures in order to ensure that data is secure; a personal data breach would have to be reported within 24 hours to the supervisory authority, and also, without undue delay, to the data subject if the breach would adversely affect his personal data or privacy. We comment some of the pending issues.

Rate this:

Filed under Cédric Laurant, Comments, English, EU Law, Europe, European Union, France, Marie-Andrée Weiss, United States · Tagged with appropriate technological protection measures, damage to reputation, data breach notification, data breach notification delay, data breaches, data protection, Data Protection Authority, data protection by default, Data Protection Directive, data protection impact assessment, data security, data security breaches, data subject, delegated acts, e-Privacy Directive, encryption, EU Data Protection Regulation, EU Directive 2009/136/EC, EU Directive 95/46/EC, European Commission, Law of July 29 1881 (France), libel, Michigan Identity Theft Protection Act 452 of 2004, New York Gen. Bus. Law § 899-aa, personal data, privacy by design, publication, security breaches, supervisory authority, technical and organizational measures, U.S. Federal Trade Commission

"Masking" (Photo by Fred McWilson (c) 2006 - All rights reserved)

Implementation of Privacy by Design and Technical and Organizational Security Measures: The Data Masking Solution

The European Union is working on a revised set of rules for its data protection framework. The concept and principles of “privacy by design” has been incorporated in this draft. We will assess how data masking can be considered an effective data security measure and whether data masking fulfills privacy by design principles. Data masking is not encryption. It is a technique that provides for the replacement of real data with fictitious but realistic data in test environments.

Rate this:

Filed under Cédric Laurant, English, Europe, European Union, Joseph Santangelo, North America, Notes, United States · Tagged with advanced data masking, anonymization, basic data masking, data anonymization, data breaches, data masking, data protection, data protection by default, data security breaches, de-identification, encryption, EU General Data Protection Regulation, European Data Protection Supervisor, obfuscation, PbD, personal data, privacy by design, privacy professionals, privacy-protective technology, provisioning systems, redaction, scheduling systems, security breaches, sensitive information, technical and organizational measures, United States, US Federal Trade Commission

Conference: "Is Your Company at Risk? New Digital Risks and Computer Attacks: Forensic and Data Protection Aspects - International Perspectives and the New Colombian Legislation" (EAFIT, Medellin, Colombia - 16 Nov. 2011)

“Is Your Company under Threat? New Digital Risks & Computer Attacks: Forensic & Data Protection Aspects” (Conference in Medellin, Colombia, Nov. 16, 2011)

“Is Your Company at Risk? New Digital Risks and Computer Attacks: Forensic and Data Protection Aspects – International Perspectives and the New Colombian Legislation.” A conference (in Spanish) about the recent Colombian data protection law, on Nov. 16, 2011 at the Universidad EAFIT in Medellin, Colombia.

Rate this:

Filed under Cédric Laurant, Colombia, Conferences, English, Español, Latin America, South America · Tagged with ASOTO Technology Group, Cedric Laurant Consulting, Colombia, computer forensics, cybercrime, cybersecurity, cyberwarfare, data protection, data protection law, European Union, information security, Latin America, privacy, public policy, security breaches, United States, Velasco & Calle d'Alleman

"Future" (New York, NY, 2011) - Photo: Marie-Andrée Weiss

«Les droits de l’individu dans la révolution numérique» : l’Assemblée nationale française publie son rapport (5e et dernière partie)

Depuis le début de cette série, la loi française en matière de notification des failles de sécurité a déjà changé. D’autres changements sont à venir, alors que Madame Viviane Reding expose son intention d’introduire une notification obligatoire des failles de sécurité pour les services bancaires et financiers et que la Commission européenne a lancé le 14 juillet dernier une consultation sur les règles pratiques de notification des violations de données à caractère personnel. (5e et dernière partie de notre série)

Rate this:

Filed under Europe, European Union, Français, France, Marie-Andrée Weiss, Outlines, Reports & Surveys · Tagged with article 226-17-1 du Code pénal (France), Assemblée nationale française, Californie, CIL, cloud computing, CNIL, Code des postes et des communications électroniques, Commission nationale de l’informatique et des libertés (France), Contrôleur Européen de la Protection des Données, correspondant "informatique et libertés", credit reporting agencies, credit score, data security breaches, Décret n° 2011-219 du 25 février 2011 (France), DGCCRF (France), Directive 2009/136/CE, Directive 2009/140/CE, Directive 95/46/CE, European Commission, failles de sécurité, Informatique en Nuage, loi "Informatique et libertés", Loi n° 2004-575 (France), Loi n°78-17 du 6 janvier 1978 (France), mesures de protection appropriées, notifications de failles de sécurité, Ordonnance 2011-1012 du 24 août 2011 (France), Paquet Télécom, Proposition de loi S.B. 24 (Etats-Unis)

"Arc-en-ciel" (New York, NY, 2011) - Photo: Marie-Andrée Weiss

«Les droits de l’individu dans la révolution numérique» : l’Assemblée nationale française publie son rapport (4e partie)

Le rapport de l’Assemblée Nationale s’interroge également sur les garanties pour la confidentialité des données personnelles dans le ‘nuage’ et détaille les procédures légales d’exportation de ces données. (4e partie de notre série)

Rate this:

Filed under Europe, European Union, Français, France, Marie-Andrée Weiss, Outlines, Reports & Surveys · Tagged with Adéquation, Agence nationale de la sécurité des systèmes d'information (ANSSI), ANSSI, Assemblée nationale française, BCR, Binding corporate rules, Centre de données, Clauses contractuelles types, cloud computing, CNIL, Commission européenne, Commission nationale de l’informatique et des libertés, confidentialité des données, décision d’adéquation, Directive 2009/140/CE, Directive 95/46/CE, externalisation, Groupe de Travail de l'Article 29, infogérance, Informatique en Nuage, loi "Informatique et libertés", loi du 6 janvier 1978, règles d'entreprise contraignantes, Safe Harbor, transfert de données personnelles, Union européenne, vie privée

"Summer Moon" (New York, NY, 2011) - Photo: Marie-Andrée Weiss

«Les droits de l’individu dans la révolution numérique» : l’Assemblée nationale française publie son rapport (3e partie)

Le rapport de l’Assemblée Nationale s’intéresse également à l’informatique dans les nuages, le ‘cloud computing’, qui présente de nombreux avantages économiques pour les entreprises, et même pour les gouvernements, mais dont l’utilisation n’est pas sans risques pour la sécurité des données personnelles. (3e partie de notre série)

Rate this:

Filed under Europe, European Union, Français, France, Marie-Andrée Weiss, Outlines, Reports & Surveys · Tagged with Agence Danoise de protection des données, Assemblée nationale française, Centres de données, cloud computing, CNIL, Commission nationale de l’informatique et des libertés, confidentialité des données, Congrès américain, Conseil Supérieur de la Propriété Littéraire et Artistique, CSPLA, data centers, externalisation, FCC, Federal Communications Commission, Google, IaaS, Informatique en Nuage, Infrastructure as a Service, Julius Genachowski, PaaS, Platform as a Service, SaaS, Software as a Service, sous-traitance, sous-traitant, Union européenne, vie privée

Read this website in your language!

--> Click here to translate
Call to Guest Bloggers / Appel à blogueurs / Llamada a blogueros / Chamada para blogueiros convidados

--> Click here (EN) - --> Cliquez ici (FR) - --> Clique aquí (ES) - --> Clique aqui (PT)
Most Visited Posts & Pages (last 24-48 h)
Top Rated
Recent Posts
Tag Cloud
anonymization Argentina Article 29 Data Protection Working Party Assemblée nationale française Binding corporate rules California Security Breach Notification Act cloud computing CNIL Commission nationale de l’informatique et des libertés confidentialité des données contractual clauses correspondant "informatique et libertés" data breaches data breach notification data controller data protection Data Protection Authority data security data security breaches Directive 95/46/CE Directive 2009/140/CE encryption EU Directive 95/46/EC EU Directive 2002/58/EC EU Directive 2009/136/EC EU e-Privacy Directive European Commission European data protection authorities European Data Protection Supervisor European Union failles de sécurité Germany Google information security Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México) loi "Informatique et libertés" México notification des violations de securité personal data security breach sensitive information Union européenne United States US Federal Trade Commission vie privée
Tweets (last 10)
- The #DataBreach Weekly Digest is out! paper.li/security_breac… ▸ Top stories today via @HawsonsIT @SustentaLtd @rapier57 - Tweeted 3 days ago
- "Buzz Lightyear Saved from Data Death" (new blog post - infographic) wp.me/pW5Fc-rh #databreach - Tweeted 4 days ago
- The #DataBreach Weekly Digest is out! paper.li/security_breac… ▸ Top stories today via @townsendsecure @keystoneshred @JoshLTS - Tweeted 1 week ago
- The #DataBreach Weekly Digest is out! paper.li/security_breac… ▸ Top stories today via @securityaffairs @BotRevolt @IThealthnonprof - Tweeted 2 weeks ago
- "Verizon's 2013 Tactical Survey of Global Data Breaches" (blog post) wp.me/pW5Fc-pX #databreach - Tweeted 3 weeks ago
- The #DataBreach Weekly Digest is out! paper.li/security_breac… ▸ Top stories today via @Vormetric @inquisitivesys @ITADSecurity - Tweeted 3 weeks ago
- The #DataBreach Weekly Digest is out! paper.li/security_breac… ▸ Top stories today via @ediscoveryguru @zone_fox @TheMarkONeill - Tweeted 1 month ago
- RT @cedric_laurant: Dictaré conferencia “Evita sanciones por fuga de datos personales de tu empresa” @ITESMCEM 24 abril http://t.co/E1ej ... - Tweeted 1 month ago
- The #DataBreach Weekly Digest is out! paper.li/security_breac… ▸ Top stories today via @BotRevolt @SectorForensics @daraghobrien - Tweeted 1 month ago
- RT @cedric_laurant: Hablando miércoles sobre manejo de vulneraciones de #datospersonales en México, EEUU y UE #CLLF #databreach #LFPDPPP ... - Tweeted 1 month ago
Follow @security_breach
Recent News on Security Breaches
- ENISA releases report on situation of implementation of e-Privacy Directive's data breach notification requirement (ENISA, Jan. 13, 2011) “ENISA reviewed the current situation in order to develop a consistent set of guidelines addressing the technical implementation measures and the procedures, as described by Article 4 of the reviewed Directive 2002/58/EC.”
- "EU Study Frowns over Data Breach Notification Rules. Cyber-security Agency Worries" (The Register, Jan. 14, 2011) New study identifies risk prioritisation, enforcement and resources as key issues. ENISA hopes research will help to develop best practice on breach notification and inform future decisions on whether EU rules, first to apply to telcos and ISPs, ought to
- Citigroup Cites $2.7 Million in Customer Losses From Hack (Wall Street Journal, June 25, 2011) Citigroup Inc. has told government officials that about 3,400 of the customers whose credit-card information was hacked have suffered about $2.7 million in losses
- Citigroup did little to assist victims of privacy breach, critics say (The Globe and Mail, June 24, 2011) After a massive data breach last month, Citigroup did not offer its hacked clients the same degree of identity-theft protection that many other companies provide, drawing criticism from privacy advocates.
- Citigroup says hackers accessed bank card data (The Globe and Mail, June 9 & 14, 2011) About 1% of Citibank’s card customers were affected by the breach, which a report asserts had been discovered in May during routine monitoring.
- Preparation for hacker attacks helps in protecting, insuring firms (Business insurance.com, June 27, 2011) “Preparing in advance for a seemingly inevitable data breach will put a company in a better position to respond when its systems are attacked, as well as improve its position with insurers in seeking cyber risk coverage.”
- "Data Breaches a Symptom of a Bigger Problem" (Infosecurity-us.com, June 14, 2011) “Organizations that lack adequate security funding – especially small and medium-sized businesses – are being targeted by hackers because they are easy prey.”
- "Cybersecurity: SEC outlines requirement that companies report cyber theft and attack" (Washington Post, Oct. 15, 2011) “Cyberspies and criminals steal what is estimated to be tens of billions of dollars worth of data from U.S. companies each year. Yet experts say few companies report these losses to shareholders.”

Information Security Breaches & The Law

Buzz Lightyear Saved from Data Death

About this blog

Categories

Pages

Security Breach Library (latest items)

Blogroll (recommended reference websites)

Buzz Lightyear Saved from Data Death

Rate this:

Todo lo que querías saber sobre la notificación de vulneraciones de datos personales en la nueva legislación mexicana (2da parte)

Rate this:

Todo lo que querías saber sobre la notificación de vulneraciones de datos personales en la nueva legislación mexicana (1ra parte)

Rate this:

Towards a New Personal Data Breach Notification Framework in the EU

Rate this:

Implementation of Privacy by Design and Technical and Organizational Security Measures: The Data Masking Solution

Rate this:

“Is Your Company under Threat? New Digital Risks & Computer Attacks: Forensic & Data Protection Aspects” (Conference in Medellin, Colombia, Nov. 16, 2011)

Rate this:

Read this website in your language!

Call to Guest Bloggers / Appel à blogueurs / Llamada a blogueros / Chamada para blogueiros convidados

Most Visited Posts & Pages (last 24-48 h)

Top Rated

Recent Posts

Tag Cloud

Tweets (last 10)

Recent News on Security Breaches

Blog authors

Copyright notice

Authors' recent talks on information security & data protection issues

Authors' upcoming talks on information security & data protection issues

Archives by date

Subscribe to this blog by e-mail

The “Global Information Security Breach Professionals” Group on Linkedin

Wordpress Blog Stats

Follow “Information Security Breaches & The Law”