Internet Law Commentary

Law and Technology from a Palm Beach lawyer

‘Data Breach’

Nine Ways that Companies Get Hacked


This one-page Palm Beach Bar article explains the 9 most common ways your clients and companies get hacked. Don’t know a DDoS from a SQL attack? Brute force from a reverse brute force? Read the kama sutra of hacking-for-lawyers, here.

Department of Defense: Interim Rule on CyberSecurity


The Department of Defense has issued an Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS). The specific focus is on new rules that require contractors to report network penetrations. Additionally, this Rule implements DoD policy on the purchase of cloud computing services. The Interim Rule is here. According to the Federal Register: This interim… Read More

NIST Draft Practice Guide: Securing Electronic Health Records on Mobile Devices


The National Institute of Standards and Technology issued a “draft” version of a Cybersecurity Practice Guide aimed at doctors, hospitals, and other health care providers. The 82-page Guide discusses how medical providers access patient data remotely and that “the use of mobile devices to store, access and transmit electronic health care records is outpacing the privacy… Read More

Second Cir.: Facebook Case Reveals Difference Between CFAA & SCA Statute of Limitations Periods


The Second Circuit confirmed that the Computer Fraud and Abuse Act (18 USC 1030) and the Stored Communications Act (18 USC 2701) calculate the starting point of their two-year statutes of limitations differently. If someone’s email and/or social media accounts are hacked, the statutory periods are calculated differently. This case may be important since… Read More

Recent Government Guidelines on Data Breach / Cyber Security


Various federal agencies have been busy this winter and spring of 2015 issuing guidelines regarding data breach and cyber security: DOJ Best Practices for Victim Response and Reporting of Cyber Incidents (April 2015) – drafted “with smaller, less well-resourced organizations in mind…”; Office of National Coordinator for Health Information Technology (April 2015) – for medical professionals, a… Read More

Storm v Paytime — Data Breach Case


According to Judge John E. Jones, III, “[t]here are only two types of companies left in the United States… ‘those that have been hacked and those that don’t know they’ve been hacked.’” Citing the now infamous USA Today article statistic that 43% of companies have experienced a data breach, the US District Court for the Middle… Read More