Post-breach, organizations must have a full grasp of what happened - and convey that message consistently. Too often, that's not the case, says attorney Ronald Raether. What steps must organizations take?
The social network Myspace has settled with the Federal Trade Commission over misrepresenting its privacy policies by sharing personally identifiable information with advertisers without first getting permission from users.
Even with security information and event management systems, organizations labor to separate normal log data from actionable events, according to the latest Log and Event Management Survey from the SANS Institute.
The web-services protocol developed by the National Institute of Standards and Technology allows desktops, laptops, e-tablets and smartphones to access sensors that capture biometric data such as fingerprints, iris and face images.
Voluntary national standards, including privacy and security guidelines, for health information exchanges are inching forward. Federal authorities soon will seek comments on plans for a Nationwide Health Information Network Governance Rule.
Susan McAndrew of the HHS Office for Civil Rights provides insights about an omnibus package of regulations - including a revised version of the HIPAA breach notification rule - that's now in the final stages of review.
The UK has announced the first fine against a National Health Service unit for a breach in violation of the Data Protection Act. The Aneurin Bevan Health Board in Wales was fined £70,000 by the Information Commissioner's Office for sending sensitive patient information to the wrong person.