Calculating electronic records storage costs

The Schedule

This post will do the same for electronic records and follows the same formula of not taking into account personnel or overhead costs or depreciation of equipment. If you prefer a truncated version of this information, I’ve created a 1-page brochure of questions to consider about electronic records storage costs. Calculating the costs for storing your electronic records on premise will largely depend on the size of your organization.

Supply-Chain Attack against the Electron Development Platform

Schneier on Security

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. From a news article : At the BSides LV security conference on Tuesday, Pavel Tsakalidis demonstrated a tool he created called BEEMKA , a Python-based tool that allows someone to unpack Electron ASAR archive files and inject new code into Electron's JavaScript libraries and built-in Chrome browser extensions.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

RCE flaw in Electronic Arts Origin client exposes gamers to hack

Security Affairs

Electronic Arts (EA) has fixed a security issue in the Windows version of its gaming client Origin that allowed hackers to remotely execute code on an affected computer. Electronic Arts (EA) has addressed a vulnerability in the Windows version of its gaming client Origin that allowed hackers to remotely execute code on an affected computer. Electronic Arts already released a security patch for the remote code execution vulnerability.

Tools TSLAC Uses To Access and Make Available Older Formats

The Texas Record

If you’ve ever taken our Managing Electronic Records class or perused our electronic records webinars, you’re aware that a major responsibility for storing records electronically is providing continuous access to those records throughout their life cycle. In our courses, we offer several strategies for providing continuous access, one of which involves holding onto older hardware and software needed to access these older formats.

More Attacks against Computer Automatic Update Systems

Schneier on Security

As in the ASUS case, the samples were using digitally signed binaries from three other Asian vendors: Electronics Extreme, authors of the zombie survival game called Infestation: Survivor Stories , Innovative Extremist, a company that provides Web and IT infrastructure services but also used to work in game development, Zepetto, the South Korean company that developed the video game Point Blank.

Magecart cybercrime group stole customers’ credit cards from Newegg electronics retailer

Security Affairs

Magecart hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg. The Magecart cybercrime group is back, this time the hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg. behind the Ticketmaster and British Airways data breaches has now victimized popular computer hardware and consumer electronics retailer Newegg.

Supreme Court of Pennsylvania Ruling on Common Law Duty to Protect Electronic Employee Data

Hunton Privacy

The case arose from a data breach in which criminals accessed UPMC’s computer systems and stole the personal and financial information of 62,000 current and former UPMC employees. The court held that: (1) an employer has a duty under Pennsylvania common law to use reasonable care to safeguard its employees’ sensitive personal information that it stores on Internet-accessible computer systems; and (2) Pennsylvania’s economic loss doctrine did not bar the plaintiffs’ negligence claim.

FAQ: How does web archiving fit into records management?

The Texas Record

Other things to consider are the cost of the storage that will be needed to meet retention and security obligations, the level of ease certain web archiving systems will bring in accessing your records as technology changes, and any records management policies that may need revision to comply with state laws and rules and in anticipation of any public information requests for records that were created through any technology used by your organization to carry out its day-to-day operations.

Capital One data breach: hacker accessed details of 106M customers before its arrest

Security Affairs

A hacker that goes online with the handle “erratic” breached the systems at Capital One and gained access to personal information from 106 million Capital One credit applications. “A former Seattle technology company software engineer was arrested today on a criminal complaint charging computer fraud and abuse for an intrusion on the stored data of Capital One Financial Corporation, announced U.S. Thompson was charged with computer fraud and abuse in U.S.

RIM-brain in Movies and TV

The Texas Record

The Rebels engaged in social engineering tactics—using ways of fooling the user into providing data or access to information—to steal the schematic plans for the Death Star. K-2SO was then able to login to the computer system in the Scarif base. Ah, working from home!

ROT 80

Andrew’s Favorite Retention Series: Software Programs

The Texas Record

My favorite holds an incredibly special place in my heart, for this series encapsulates the essence of good records management and the goal of accessibility. In the first ever Local Schedule GR published in 1992, software accessibility goals are outlined in the preamble, but no discrete series appears. Retention Note: If the retention period of electronic records is extended to meet requirements of an audit, litigation, Public Information Act request, etc.

Andrew’s Favorite Retention Series: Software Programs

The Texas Record

My favorite holds an incredibly special place in my heart, for this series encapsulates the essence of good records management and the goal of accessibility. In the first ever Local Schedule GR published in 1992, software accessibility goals are outlined in the preamble, but no discrete series appears. Retention Note: If the retention period of electronic records is extended to meet requirements of an audit, litigation, Public Information Act request, etc.

Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack

Hunton Privacy

State Auto Property and Casualty Insurance Company , finding coverage for a cyber attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack. National Ink’s server and networked computers experienced a ransomware attack, which prevented National Ink from accessing the logos, designs and software that are stored on these servers.

HHS Releases Guidance on HIPAA and Cloud Computing

Hunton Privacy

Earlier this month, the Department of Health and Human Services’ Office for Civil Rights issued guidance (the “Guidance”) for HIPAA-covered entities that use cloud computing services involving electronic protected health information (“ePHI”). The Guidance also clarifies that CSPs do not fall within the conduit exception to the HIPAA Rules, because the conduit exception is limited to entities that transmit, and in the process only have transient access to, PHI.

AUSTRALIA: Assistance and Access Act, December 2018 – Holy grail of uncertainty created by new rushed-in data encryption laws

DLA Piper Privacy Matters

On 6 December 2018, the Australian Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (Cth) (the Act ) was rushed through both houses of Federal Parliament without amendment and received royal assent on 8 December 2018. Uncategorized Assistance and Access Act encryption intelligence gathering Investigatory Powers Act 2016 penalties telecommunications

Utah Governor Signs Electronic Data Privacy Bill Requiring Warrants to Access Certain Types of Data

Hunton Privacy

law to protect electronic information that individuals have shared with certain third parties. Representative Craig Hall, R-Utah, who introduced the bill, stated that the goal “is to provide the same protections we have in the physical world and apply those to the electronic world.” On March 27, 2019, Utah Governor Gary Herbert signed HB57, the first U.S.

Appellate Court Vacates Order Allowing Plaintiff’s Expert Access to Defendant’s ESI Prior to Privilege Determination: eDiscovery Case Law

eDiscovery Daily

6, 2019) , the Court of Appeals of North Carolina, holding that the trial court abused its discretion by compelling production through a protocol that provided the plaintiffs’ expert with direct access to potentially privileged information and precluded reasonable efforts by Defendants to avoid waiving any privilege, vacated the order and remand for further proceedings not inconsistent with its opinion. Case Law Electronic Discovery Privileged Production SearchingIn Crosmun v.

Appellate Court Vacates Order Allowing Plaintiff’s Expert Access to Defendant’s ESI Prior to Privilege Determination: eDiscovery Case Law

eDiscovery Daily

6, 2019) , the Court of Appeals of North Carolina, holding that the trial court abused its discretion by compelling production through a protocol that provided the plaintiffs’ expert with direct access to potentially privileged information and precluded reasonable efforts by Defendants to avoid waiving any privilege, vacated the order and remand for further proceedings not inconsistent with its opinion. Case Law Electronic Discovery Privileged Production SearchingIn Crosmun v.

Microsoft Calls for Legislative Action to Set Rules for Cloud Computing

Hunton Privacy

Microsoft is urging Congress and the information technology industry to act now to ensure that cloud computing is guided by an international commitment to privacy, security and transparency for consumers, businesses and government. Information Security Online Privacy Cloud Computing Computer Fraud and Abuse Act Electronic Communications Privacy Act Microsoft

Sealed U.S. Court Records Exposed in SolarWinds Breach

Krebs on Security

This suggests the attackers were targeting the agency for deeper access to its networks and communications.

NIST Issues Guidelines on Security and Privacy in Public Cloud Computing

Hunton Privacy

The National Institute of Standards and Technology (“NIST”) has issued draft Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144) (the “Guidelines”) for public comment. The Guidelines provide an overview of the security and privacy challenges pertinent to public cloud computing, and identify considerations for organizations outsourcing data, applications and infrastructure to a public cloud environment. Identity & Access Management.

An Early Recap of Privacy in 2020: A US Perspective

Data Matters

The CJEU did not so much as ask whether any EU member state has an oversight body to examine and judge the privacy or civil rights implications of electronic surveillance the way PCLOB and Foreign Intelligence Surveillance Court do — with full national security clearance to access the deepest secrets of signals intelligence. communications service providers to produce the contents of electronic communications they store outside the United States in response to U.S.

Hong Kong Regulator Imposes New Conditions to Regulate Outsourcing Arrangements for Cloud Storage

Data Matters

The Securities and Futures Commission of Hong Kong (SFC) issued new guidance to regulate the use of external electronic data storage providers (EDSPs 1 ) by licensed firms that intend to keep (or have previously kept) records or documents required to be maintained pursuant to the statutory recordkeeping rules and anti-money-laundering regime (Regulatory Records) in an online environment. Accessibility requirements. Asia Cloud Computing Cybersecurity

With No Showing of Prejudice, Court Denies Spoliation Sanctions Against Defendant: eDiscovery Case Law

eDiscovery Daily

McCarthy, finding that the plaintiffs “have not demonstrated they have been prejudiced” by the loss of the plaintiff former employee’s work computer, denied the plaintiffs’ motion for sanctions “without prejudice to reassertion of the motion if through discovery it is determined that some specific evidence is beyond Plaintiffs’ reach” for the defendant’s “clear failure” to preserve the computer. Case Law Electronic Discovery Preservation SanctionsIn Mafille v.

Three Charged in July 15 Twitter Compromise

Krebs on Security

was charged in a criminal complaint in Northern California with aiding and abetting intentional access to a protected computer. also was charged in California with conspiracy to commit wire fraud, money laundering and unauthorized access to a computer.

FAQ Redux: Can a state agency destroy a paper original after scanning?

The Texas Record

While there is not an explicit paragraph in the rules stating that any record can be store electronically, in Section 6.92(4), 4), the definition of an electronic state record references Government Code, Section 441.189(a), which states: Any state record may be created or stored electronically in accordance with standards and procedures adopted as administrative rules of the commission. And what are the requirements for keeping a record electronically now?

Strategies to Protect your Records from Ransomware

The Texas Record

Once the criminals gain access to the system, they plant a virus, causing problems when trying to retrieve records from these systems. Backup your information: Your data should be backed up in multiple locations, primarily in locations where it is not constantly connected to the computer or network. Ensure someone checks these backups regularly to ensure that they are accessible. The security of electronic records is a joint responsibility of RM and IT.

Amicus Brief on CFAA

Adam Shostack

The EFF has filed an amicus brief on the Computer Fraud and Abuse Act: Washington, D.C.—The The Electronic Frontier Foundation (EFF) and leading cybersecurity experts today urged the Supreme Court to rein in the scope of the Computer Fraud and Abuse Act (CFAA)—and protect the security research we all rely on to keep us safe—by holding that accessing computers in ways that violate terms of service (TOS) does not violate the law.

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good. Ten years ago, then 19-year-old hacker Ngo was a regular on the Vietnamese-language computer hacking forums.

Court Denies Criminal Defendant’s Motion to Suppress Evidence Obtained via Warrantless Search: eDiscovery Case Law

eDiscovery Daily

Immergut denied the defendant’s motion to suppress emails and evidence derived from a warrantless search of Defendant’s workplace email account, finding “any expectation of privacy in Defendant’s work email was objectively unreasonable under the military’s computer-use policies in effect at his workplace.”. Case Law Electronic Discovery Email PrivacyIn United States v. Caputo, No. 3:18-cr-00428-IM (D. Or Nov. 6, 2019) , Oregon District Judge Karin J.

Fund Managers Targeted in Sophisticated Cyberattacks

Data Matters

These controls include the following: Implement multifactor authentication: Multifactor authentication is widely lauded as the most effective control to detect and prevent unauthorized access. For remote access to emails, trading systems and other electronic data containing confidential information, the authentication mechanism should utilize at least two of the following factors: what a person knows (e.g.,

Fund Managers Targeted in Sophisticated Cyberattacks

Data Matters

These controls include the following: Implement multifactor authentication: Multifactor authentication is widely lauded as the most effective control to detect and prevent unauthorized access. For remote access to emails, trading systems and other electronic data containing confidential information, the authentication mechanism should utilize at least two of the following factors: what a person knows (e.g.,

Despite Estimate of 37 Years to Crack iPhone, Government Doesn’t Have to Return it – Yet: eDiscovery Case Law

eDiscovery Daily

2019, a search warrant over a year earlier was issued for Morgan Management, LLC, which included search and seizure of “multiple servers, computers or storage media … including but not limited to … devices … associated with … Robert Morgan.” The government suggests that if it is successful, the contents of the iPhone could still be used at trial, regardless of when the contents are eventually accessed. Tired of stories about COVID-19? So are we.

STEPS FORWARD: Math geniuses strive to make a pivotal advance — by obfuscating software code

The Last Watchdog

Related: How Multi Party Computation is disrupting encrypti on An accomplished violinist, Einstein, no doubt, appreciated the symmetry of his metaphor. Our top math geniuses point to iO as a cornerstone needed to unleash the full potential of artificially intelligent (AI) programs running across highly complex and dynamic cloud platforms, soon to be powered by quantum computers. Allen School of Computer Science & Engineering — puts us one step closer to a working iO prototype.

Four individuals charged for the recent Twitter hack

Security Affairs

The teen is believed to have gained access to Twitter’s backend, then he used an internal tool to take over several high-profile accounts and promote a cryptocurrency scam.

U.S. Supreme Court to Weigh in on Extraterritorial Search Warrant Dispute

Data Matters

The decision now under review held that electronic communications that are stored exclusively on foreign servers cannot be reached by U.S. provider that can access the foreign-stored information, and deliver it to U.S. officials, by using computers and personnel based in the United States. government’s contention that the Second Circuit’s approach eliminates “access to data necessary to advance important U.S. On October 16, 2017, the U.S.

Court Sanctions Plaintiff for Spoliation of Facebook Account: eDiscovery Case Law

eDiscovery Daily

The plaintiff claimed that prior to the discovery request, she had lost her cell phone, after which “she tried to access [her] Facebook account using [her] home computer” but got blocked out for unsuccessful attempts to log into the account and when she got a new phone, she tried again to access her Facebook account but was unable to do so and she did not “ha[ve] access to [the] Facebook account ever again.”

According to the ABA, Lawyers are “Failing at Cybersecurity”: Cybersecurity Trends

eDiscovery Daily

Articles on cloud computing , cybersecurity and websites and marketing were released free online. The survey found that the most popular security measure being used by 35% of respondents was secure socket layers (SSL), which encrypt computer communications, including web traffic. Electronic Discovery Privacy Security

Will Lawyers Ever Embrace Technology?: eDiscovery Best Practices, Part Four

eDiscovery Daily

By that I mean, there just isn’t a clear path to accessible resources for the lawyer who wants to get a handle on the technology. Do they go to a community night course on computers? Beyond that, I’d also suggest the following books which are worth consulting as well: A Process of Illumination: The Practical Guide To Electronic Discovery , Mary Mack (available on Amazon here ). Electronic Discovery Ethics Evidence

Court Denies Request for Production of Forensic Image: eDiscovery Case Law

eDiscovery Daily

An item in dispute was a computer used by an employee when he was working for Finos, which was in the possession of those partners at the time of the dissolution and became their property. During discovery, the plaintiff learned that the Finos computer was in the possession of those partners, who were not parties to this litigation. Apex was not given a full forensic image of the Finos computer hard drive. Case Law Electronic Discovery ProductionIn Apex Colors, Inc.