Blog - Information Management Today

Accelerating scope 3 emissions accounting: LLMs to the rescue

IBM Big Data Hub

MARCH 27, 2024

The rising interest in the calculation and disclosure of Scope 3 GHG emissions has thrown the spotlight on emissions calculation methods. Within USEEIO, goods and services are categorized into 66 spend categories, referred to as commodity classes, based on their common environmental characteristics.

Mining

Mining Data collection IT

Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign

Security Affairs

JUNE 10, 2022

The issue was reported by security firm Volexity, CVE-2022-26134, and in the same week of its disclosure, Atlassian addressed the flaw in Confluence Server and Data Center products. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Follow me on Twitter: @securityaffairs and Facebook.

Security

Security Cybersecurity IT Information Security

Android pre-installed apps are affected by high-severity vulnerabilities

Security Affairs

MAY 27, 2022

The researchers discovered the flaws in September 2021 and reported them to mce Systems and affected mobile service providers through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Access

Access Security Cybersecurity IT

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Quick Threat Model Links October 2019

Adam Shostack

OCTOBER 9, 2019

Continuum has a blog and a spreadsheet on threat modeling lambdas (as a category, not specific to Amazon Lambda), and also a post on threat modeling with CAPEC. Disclosure: I’m on advisory boards for Continuum and Ntrepid. There’s some context from Aaron Small, who made the project happen. What else have you seen?

Privacy

Privacy Security IT

California Consumer Privacy Act: Disclosure requirements

Data Protection Report

SEPTEMBER 11, 2018

This is the Data Protection Report’s fourth blog in a series of blogs that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA. Privacy policy disclosures.

Privacy

Privacy Access IT Data Privacy

Red TIM Research discovers a Command Injection with a 9,8 score on Resi

Security Affairs

JUNE 6, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Cybersecurity

Cybersecurity Access Security Communications

HHS updates online tracker guidance

Data Protection Report

MARCH 21, 2024

Our readers may recall that HHS took a very broad view of the information that could constitute Protected Health Information (PHI) or Individually Identifiable Health Information (IIHI) whose disclosure to tracking vendors could potentially violate HIPAA. diabetes) and that, together with any individually identifying information (e.g.,

Analytics

Analytics Privacy Compliance Marketing

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Data Matters

APRIL 6, 2022

ESG Investing: registered funds, private offerings, and RIAs’ ESG disclosures concerning ESG investing approaches; adoption and implementation of policies, procedures, and practices in connection with such disclosures; voting client securities in accordance with proxy voting policies and procedures; and greenwashing.

Retail

Retail Compliance Sales Risk

Big California Privacy News: Legislative and Enforcement Updates

Data Matters

SEPTEMBER 6, 2022

Business will need to make CCPA-required disclosures in privacy policies regarding employee and B2B data. Below is a list of potential areas to consider based on the OAG’s recent announcements: Review privacy policy “sales” disclosures relating to advertising and analytics cookies/trackers. Review financial incentive disclosures.

Privacy

Privacy B2B Sales Compliance

SEC Chair: Sweeping New Cybersecurity Rules Are Coming Soon

Data Matters

FEBRUARY 10, 2022

However, Chair Gensler highlighted that disclosure regimes evolve over time and stated that he has asked the staff to make recommendations related to public companies’ cybersecurity practices and cyber risk disclosures as well as disclosures that must be made once cyberevents have occurred.

Cybersecurity

Cybersecurity Marketing Risk Compliance

When are schools required to report personal data breaches?

IT Governance

NOVEMBER 17, 2020

In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported. the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. Sensitive personal data is a specific set of “special categories” that must be treated with extra security.

Personal data

Personal data Data breaches Data collection GDPR

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

“By use of our responsible disclosure procedures independent penetration testing of HID Mercury , access panels sold by LenelS2 were reported to contain cybersecurity vulnerabilities.” Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. ” reads the advisory.

Access

Access Authentication Manufacturing Cybersecurity

OCR Reduces HIPAA Penalties and Clarifies Liability for Transferring ePHI to Third-Party Health Apps

Data Matters

APRIL 30, 2019

Under the 2009 HITECH Act, Congress established four categories of HIPAA violations with increasing levels of culpability. healthcare providers) will and will not be held liable for third-party applications’ (“apps’”) uses and disclosures of protected health information (“PHI”).

Data breaches

Data breaches Privacy Government Access

CCPA Marches On: California Attorney General Proposes Further Revisions to CCPA Regulations, Industry Pleads for Enforcement Delay Amid COVID-19 Crisis

Data Matters

APRIL 10, 2020

Restoration of privacy policy disclosures (§ 999.308). Among other disclosure requirements, privacy policies must identify (i) the categories of sources from which personal information is collected from consumers, and (ii) the business or commercial purpose for collecting or selling personal information.

Privacy

Privacy Sales Insurance Compliance

A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould

Security Affairs

JUNE 17, 2022

. “By design, when you reduce the document library version limit, any further changes to the files in the document library will result in older versions becoming very hard to restore (see responsible disclosure and discussion). Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Libraries

Libraries Encryption Ransomware Cloud

What is data loss and how does it work?

IT Governance

OCTOBER 6, 2020

It’s a specific type of data breach, falling into the ‘availability’ category of data security (the other two categories being ‘confidentiality’ and ‘integrity’). In this blog, we explain what you need to know and provide data loss prevention tips. appeared first on IT Governance UK Blog. What causes data loss?

IT

IT Computer and Electronics Data breaches Risk

GDPR for small business: the ultimate guide

IT Governance

JULY 2, 2020

There is also a special category of personal data devoted to sensitive information. Involve special categories of personal data or criminal conviction and offence data. It provides more detail on the requirements we’ve discussed in this blog, alongside further guidance for small businesses on how to comply with the GDPR.

GDPR

GDPR Personal data Data breaches Compliance

Understanding China’s Data Regulatory Regime: China Solicits Public Comments on Certification Rules for Cross-Border Data Processing Activities

Data Matters

JUNE 14, 2022

The proposal prescribe the following principles for certification of cross-border data processing activities: lawfulness, fairness, necessity and integrity; public disclosure and transparency; information quality; equal protection; accountability; and. General Principles. voluntary certification. Certification Requirements.

Privacy

Privacy Government Security Information Security

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

Data Matters

AUGUST 9, 2021

In addition, the Act expands the definition of personally identifying information, compromise of which would constitute a data breach, to include patient data and medical data—a general category of health-related information that is not limited to protected health information under HIPAA.

Data breaches

Data breaches Privacy Personal data Data Privacy

California AG’s First Formal CCPA Opinion Directs Businesses to Disclose Internally-Generated Inferences and Expresses Skepticism Around Trade Secret Claims

Data Matters

MARCH 29, 2022

Further, if a business believes disclosure of information constitutes a trade secret, it cannot do so with a “blanket assertion of ‘trade secret’,” but must do so “in a meaningful and understandable way” that “explains the nature of the information and the basis for the denial [of the disclosure request].” Opinion at 14. Opinion at 15.

Privacy

Privacy IT Government

Data breaches and cyber attacks quarterly review: Q2 2021

IT Governance

JULY 13, 2021

In this blog, we provide an overview of the security landscape in the past three months, and look at key statistics and observations. We also place ransomware in its own category, due in part to the frequency of attacks and in order to differentiate it from intrusions that may be harder to detect, such as password breaches.

Data breaches

Data breaches Retail Ransomware Government

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

Data Matters

OCTOBER 22, 2019

update their privacy policies with numerous disclosures. update their privacy policies with numerous disclosures. The Attorney General appears to have provided this guidance with the consumer experience in mind, as a link will provide a much smoother interaction than including the entire disclosure on the screen.

Privacy

Privacy Sales Paper Compliance

A 6-step guide to surviving data breaches

IT Governance

FEBRUARY 1, 2019

The categories of data subject affected. In the context of data breach disclosure, they act as a point of contact between management and staff, as well as between an organisation and its supervisory authority. The post A 6-step guide to surviving data breaches appeared first on IT Governance Blog. Describe the impact.

Data breaches

Data breaches GDPR Personal data Compliance

The heat is on, is your school #BreachReady?

IT Governance

AUGUST 6, 2018

Welcome to the new education sector blog series. In our first blog ( sign up to the series here ) , we explore data breaches. In the next blog we will discuss situational analysis and how to assess what’s happening in school and how to support staff to protect the data in their care. . Verbal disclosure.

Data breaches

Data breaches Education GDPR Risk

Third Time’s the Charm: CCPA Regulations Finally Approved With Limited Substantive Changes from June 2020 Version

Data Matters

AUGUST 20, 2020

The CCPA is a landmark state privacy law that grants consumers new privacy rights, and requires businesses to enhance disclosures about their data practices and facilitate consumer privacy rights. While this change may appear significant, in practice, it may not be.

Privacy

Privacy Paper Retail Compliance

CCPA: “Attorney General Amendment” Likely Dead

Data Protection Report

MAY 17, 2019

Narrows disclosure requirement relating to categories of third parties. Links to our previous blog articles: Article #1: Summary of CCPA’s major provisions. Article #4: CCPA disclosure requirements. Exempts “insurance institutions, agents, and support organizations”. 5/16 – hearing upon call of Chair. 5/8 – vote to pass.

Retail

Retail Privacy Insurance Manufacturing

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

Nonetheless, and despite the California legislators’ ostensible effort to achieve compromise, the new legislation requires disclosure, access, deletion, portability and enforcement far in excess of what U.S. Specific categories defined as personal information include. Privacy Policy Disclosures. biometric information.

GDPR

GDPR Privacy Sales Data breaches

Retailer Sued over Allegations that Background Check Consent Form Includes Extraneous Information

Hunton Privacy

NOVEMBER 20, 2015

As reported in the Hunton Employment & Labor Perspectives Blog : On November 2, 2015, a putative class action was filed against retailer Big Lots Stores, Inc. As reported in the Hunton Employment & Labor Perspectives Blog : On November 2, 2015, a putative class action was filed against retailer Big Lots Stores, Inc.

Retail

Retail Government IT Privacy

A February 2020 Surprise: California Attorney General Proposes Significant Revisions to CCPA Regulations

Data Matters

FEBRUARY 12, 2020

The new proposal makes several tweaks to the guidance on required privacy policies, including an important change that removes the initial proposal’s requirement that businesses specify the categories of sources, purposes of collection, and other information on a category-by-category basis for each subcategory of Personal Information.

Privacy

Privacy Compliance Archiving Sales

European Commission Adopts New Standard Contractual Clauses

Data Matters

JUNE 5, 2021

Schrems II Provisions: The parties warrant that at the time of signing the New SCCs, they have no reason to believe that the laws and practices applicable to the data importer, including any requirements around disclosure to, or access by, public authorities, prevent the data importer from complying with the New SCCs.

GDPR

GDPR Personal data IT Data breaches

State Activity on Privacy: Vermont Is First to Regulate Data Brokers

Data Matters

JUNE 11, 2018

Washington State notably adopted a law on net neutrality and there is the prospect of a ballot initiative in California that would give individuals the right to know which categories of their or their children’s personal data have been collected or traded by businesses. Other states may consider the Vermont approach.

Privacy

Privacy Sales Data breaches Personal data

List of Data Breaches and Cyber Attacks in October 2022 – 9.9 Million Records Breached

IT Governance

NOVEMBER 1, 2022

As always, you can find the full list of data breaches and cyber attacks below, divided into their respective categories. Million Records Breached appeared first on IT Governance UK Blog. However, it’s a warning sign for all organisations about the dangers of misconfigured Internet-facing servers. Cyber attacks.

Data breaches

Data breaches Ransomware Insurance Phishing

List of Data Breaches and Cyber Attacks in August 2022 – 97 Million Records Breached

IT Governance

SEPTEMBER 1, 2022

You can find the full list of incidents below, broken into their respective categories. The post List of Data Breaches and Cyber Attacks in August 2022 – 97 Million Records Breached appeared first on IT Governance UK Blog. Cyber attacks. Ransomware. Data breaches. Financial information. Malicious insiders and miscellaneous incidents.

Data breaches

Data breaches Ransomware Energy and Utilities Phishing

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

However, the GDPR is clear that data is also vulnerable to accidental or unlawful destruction, loss or disclosure. A version of this blog was originally published on 4 April 2018. The post Why risk assessments are essential for GDPR compliance appeared first on IT Governance Blog. The GDPR risk assessment methodology.

GDPR

GDPR Risk Compliance Personal data

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

Nonetheless, and despite the California legislators’ ostensible effort to achieve compromise, the new legislation requires disclosure, access, deletion, portability and enforcement far in excess of what U.S. Specific categories defined as personal information include. Privacy Policy Disclosures. biometric information.

GDPR

GDPR Privacy Sales Data breaches

Court Rules on Scope of Plaintiff Discovery Requests: eDiscovery Case Law

eDiscovery Daily

FEBRUARY 25, 2018

Mazzant granted the plaintiff’s motion to compel in part, ordering the defendants to produce documents related to four specific categories, but within certain parameters. With regard to category #3, Judge Mazzant stated: “The Court finds that to the extent that Defendants have not produced such information, they must do so.

Communications

Communications Education Government IT

Florida Has a New eDiscovery Checklist: eDiscovery Best Practices

eDiscovery Daily

NOVEMBER 16, 2017

During the Orlando event earlier this week, one of the sessions was presented by Ralph Losey, a regular thought leader interviewee on this blog, who discussed revisions and amendments to a notable Local Rule on Pretrial Procedure in Civil Actions. Those amendments include an excellent new 33 point eDiscovery checklist. Preservation (7 items).

e-Discovery

e-Discovery Education IT

Navigating the CCPA’s ‘Notice and Cure’ Provision

Data Matters

AUGUST 21, 2019

The CCPA’s private right of action provision gives California residents the right to sue companies when their personal information is subject to unauthorized access and exfiltration, theft, or disclosure due to a company’s failure “to implement and maintain reasonable security procedures and practices.”.

Data breaches

Data breaches Privacy Information Security Security

Comments at CCPA public forum in Los Angeles highlight tensions between businesses and consumer rights groups

Data Protection Report

JANUARY 31, 2019

Links to our previous blog articles: Article #1: Summary of CCPA’s major provisions. Article #4: CCPA disclosure requirements. The CCPA authorizes the Attorney General to promulgate regulations that will establish procedures to facilitate consumers’ rights. Article #2: CCPA covered entities. Article #5: CCPA “Right to Deletion”.

Sales

Sales Privacy Compliance GDPR

“What’s Cooking” in Sacramento: CCPA’s “Employee Exception” Bill is Amended; “Publicly Available Information” Exception is Broadened, and Consumer Access Rights are Clarified

Data Protection Report

JULY 3, 2019

This is the Data Protection Report’s eleventh blog post in a series of CCPA blog posts. Article 4: CCPA disclosure requirements. Stay tuned for additional posts on the CCPA. Our other CCPA articles: Article 1: Summary of CCPA’s major provisions. Article 2: CCPA covered entities. Article 5: CCPA “Right to Deletion”.

Access

Access Privacy Data Privacy Government

For a More Complete and Accurate Review, Be Persistent: eDiscovery Best Practices

eDiscovery Daily

FEBRUARY 15, 2018

o) Let’s face it: Failing to spot highly relevant, hot or privilege terms during document review can lead to important documents being missed or inadvertent disclosure of privileged information. Now, here’s a new review of our CloudNine platform by industry thought leader Tom O’Connor. So, what do you think?

Education

Education IT

How to prepare for the California Consumer Privacy Act

Thales Cloud Protection & Licensing

AUGUST 15, 2019

Last August, my colleague Ashvin Kamaraju wrote a blog shortly after this took place. This informing process should include the categories of PI collected, how that PI is used, and the categories of PI the business has shared or sold to third parties (and who these parties are) in the last year.

Privacy

Privacy GDPR Digital transformation Sales

One-Month Countdown to Pass CCPA Amendments Begins

Data Protection Report

AUGUST 12, 2019

Stay tuned for updates on this blog. The fifth bill is AB 1355 , which narrows the disclosure requirement to categories of third parties to which information was sold, rather than requiring disclosure on a specific third-party-by-third party basis. . Article 4: CCPA disclosure requirements.

Manufacturing

Manufacturing Sales Privacy Data Privacy

4 Steps in Streamlining Open Records Requests

Gimmal

JANUARY 12, 2022

For example, separating confidential information (and other categories that are excluded from disclosure) from your general records is immeasurably more time-consuming if it must be done manually in the review stage. Did you miss the beginning of this blog series? Read open records request 101.

FOIA

FOIA Records Management ROT Information governance

Accelerating scope 3 emissions accounting: LLMs to the rescue

Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign

Webinars

Trending Sources

Android pre-installed apps are affected by high-severity vulnerabilities

Webinars

Quick Threat Model Links October 2019

California Consumer Privacy Act: Disclosure requirements

Red TIM Research discovers a Command Injection with a 9,8 score on Resi

HHS updates online tracker guidance

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Big California Privacy News: Legislative and Enforcement Updates

SEC Chair: Sweeping New Cybersecurity Rules Are Coming Soon

When are schools required to report personal data breaches?

HID Mercury Access Controller flaws could allow to unlock Doors

OCR Reduces HIPAA Penalties and Clarifies Liability for Transferring ePHI to Third-Party Health Apps

CCPA Marches On: California Attorney General Proposes Further Revisions to CCPA Regulations, Industry Pleads for Enforcement Delay Amid COVID-19 Crisis

A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould

What is data loss and how does it work?

GDPR for small business: the ultimate guide

Understanding China’s Data Regulatory Regime: China Solicits Public Comments on Certification Rules for Cross-Border Data Processing Activities

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

California AG’s First Formal CCPA Opinion Directs Businesses to Disclose Internally-Generated Inferences and Expresses Skepticism Around Trade Secret Claims

Data breaches and cyber attacks quarterly review: Q2 2021

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

A 6-step guide to surviving data breaches

The heat is on, is your school #BreachReady?

Third Time’s the Charm: CCPA Regulations Finally Approved With Limited Substantive Changes from June 2020 Version

CCPA: “Attorney General Amendment” Likely Dead

California Enacts Broad Privacy Laws Modeled on GDPR

Retailer Sued over Allegations that Background Check Consent Form Includes Extraneous Information

A February 2020 Surprise: California Attorney General Proposes Significant Revisions to CCPA Regulations

European Commission Adopts New Standard Contractual Clauses

State Activity on Privacy: Vermont Is First to Regulate Data Brokers

List of Data Breaches and Cyber Attacks in October 2022 – 9.9 Million Records Breached

List of Data Breaches and Cyber Attacks in August 2022 – 97 Million Records Breached

Why risk assessments are essential for GDPR compliance

California Enacts Broad Privacy Protections Modeled on GDPR

Court Rules on Scope of Plaintiff Discovery Requests: eDiscovery Case Law

Florida Has a New eDiscovery Checklist: eDiscovery Best Practices

Navigating the CCPA’s ‘Notice and Cure’ Provision

Comments at CCPA public forum in Los Angeles highlight tensions between businesses and consumer rights groups

“What’s Cooking” in Sacramento: CCPA’s “Employee Exception” Bill is Amended; “Publicly Available Information” Exception is Broadened, and Consumer Access Rights are Clarified

For a More Complete and Accurate Review, Be Persistent: eDiscovery Best Practices

How to prepare for the California Consumer Privacy Act

One-Month Countdown to Pass CCPA Amendments Begins

4 Steps in Streamlining Open Records Requests

Stay Connected