2020, Data and Definition - Information Management Today

Security in 2020: Revisited

Schneier on Security

FEBRUARY 7, 2020

Ten years ago, I wrote an essay : "Security in 2020." Well, it's finally 2020. In the next 10 years, the traditional definition of IT security -- that it protects you from hackers, criminals, and other bad guys -- will undergo a radical shift. In 10 years, most computers will be small, specialized, and ubiquitous.

Security

Security Communications Access Artificial Intelligence

Acuity Who? Attempts and Failures to Attribute 437GB of Breached Data

Troy Hunt

NOVEMBER 14, 2023

Allegedly, Acuity had a data breach. That's the context that accompanied a massive trove of data that was sent to me 2 years ago now. It was only this week as I desperately tried to make some space to process yet more data that I realised why I was short on space in the first place: Ah, yeah - Acuity - that big blue 437GB blob.

Insurance

Insurance Data breaches Mining IT

Microsoft Patch Tuesday, May 2021 Edition

Krebs on Security

MAY 11, 2021

By all accounts, the most pressing priority this month is CVE-2021-31166 , a Windows 10 and Windows Server flaw which allows an unauthenticated attacker to remotely execute malicious code at the operating system level. With this weakness, an attacker could compromise a host simply by sending it a specially-crafted packet of data.

Encryption

Encryption Authentication Ransomware IT

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

It is essential that your organization’s records retention schedule is compliant with the data protection requirements in the jurisdictions where your organization operates. Definition and Purpose of a Records Retention Schedule. Introduction to Data Protection Laws. Understanding the Changes.

Personal data

Personal data GDPR Privacy Records Management

5 Early Indicators Your Embedded Analytics Will Fail

Many application teams leave embedded analytics to languish until something—an unhappy customer, plummeting revenue, a spike in customer churn—demands change. But by then, it may be too late. In this White Paper, Logi Analytics has identified 5 tell-tale signs your project is moving from “nice to have” to “needed yesterday.".

Analytics

Top 3 Black Friday 2020 scams to avoid

IT Governance

NOVEMBER 23, 2020

Luckily the shop has free Wi-Fi, so you take out your phone and, wouldn’t you know, Amazon has the same TV on sale with a further 10% off, but time is running out on the deal. You definitely shouldn’t buy the TV online there and then. If you want to do online shopping while out and about, you’d be much better off using mobile data.

Phishing

Phishing Sales Retail Passwords

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

Data Matters

JUNE 1, 2022

There is a lot to digest, so below is our breakdown of the top 10 key points you should know about the EU’s new rules. June 2023: Deadline for notifications to the Commission on whether the undertaking meets the criteria and falls within the definition of “gatekeeper.”. process and use personal data. Key dates and next steps.

Marketing

Marketing Computer and Electronics Communications GDPR

Overcoming the 80/20 Rule – Finding More Time with Data Intelligence

erwin

JUNE 22, 2020

It describes an unfortunate reality for many data stewards, who spend 80 percent of their time finding, cleaning and reorganizing huge amounts of data, and only 20 percent of their time on actual data analysis. Earlier this year, erwin released its 2020 State of Data Governance and Automation (DGA) report.

Metadata

Metadata Government Digital transformation IT

FINRA Issues its 2020 Artificial Intelligence Report for Industry Comment

Data Matters

JUNE 17, 2020

FINRA requests industry feedback on topics covered in the Report by August 31, 2020. FINRA acknowledges that there is no universally agreed-on definition of AI and refers to it as an “umbrella term” that encompasses a broad range of different technologies and applications. Data Governance. data integration. data security.

Artificial Intelligence

Artificial Intelligence IT Risk Privacy

Uncovering Memory Defects In Cereal (CVE 2020-11104 & CVE-2020-11105)

ForAllSecure

MAY 26, 2020

Two CVEs: CVE-2020-11104 and CVE-2020-11105. They were both reported in March 2020 to the cereal developers as part of our responsible disclosure. We also reported these in March 2020 to the cereal developers, and it’s still unclear which ones are just bugs and which might represent vulnerabilities.

Libraries

Libraries Archiving IT Education

UNCOVERING MEMORY DEFECTS IN CEREAL (CVE-2020-11104 & CVE-2020-11105)

ForAllSecure

MAY 26, 2020

Two CVEs: CVE-2020-11104 and CVE-2020-11105. They were both reported in March 2020 to the cereal developers as part of our responsible disclosure. We also reported these in March 2020 to the cereal developers, and it’s still unclear which ones are just bugs and which might represent vulnerabilities.

Libraries

Libraries Archiving IT Education

Uncovering Memory Defects In Cereal (CVE 2020-11104 & CVE-2020-11105)

ForAllSecure

MAY 26, 2020

Two CVEs: CVE-2020-11104 and CVE-2020-11105. They were both reported in March 2020 to the cereal developers as part of our responsible disclosure. We also reported these in March 2020 to the cereal developers, and it’s still unclear which ones are just bugs and which might represent vulnerabilities.

Libraries

Libraries Archiving IT Education

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

For example, the number of breaches of unsecured electronic Personal Health Information (“ePHI”) reported to the OCR affecting 500 or more individuals due to hacking or IT incidents increased 45% from 2019 to 2020. R-LA) introduced the Health Data Use and Privacy Commission Act (“Act”) on February 10, 2022.

Cybersecurity

Cybersecurity Privacy Insurance Risk

Regulatory Update: NAIC Summer 2020 National Meeting

Data Matters

SEPTEMBER 3, 2020

The National Association of Insurance Commissioners (NAIC) held its Summer 2020 National Meeting (Summer Meeting) from July 27 to August 14, 2020. The NAIC adopted the revised SAT in February 2020, and since that time, several states, including Idaho, Iowa, Kentucky, Ohio and Rhode Island, have begun efforts to adopt the revisions.

Insurance

Insurance Paper Artificial Intelligence Big data

A February 2020 Surprise: California Attorney General Proposes Significant Revisions to CCPA Regulations

Data Matters

FEBRUARY 12, 2020

Just as companies were starting to recover from their exertions to put in place California Consumer Privacy Act (“CCPA”) compliance programs before the law’s January 1, 2020 entry into force, the California Attorney General (“AG”) provided an early February surprise. In short, the revisions were both sooner and more significant than expected.

Privacy

Privacy Compliance Archiving Sales

Belgian Data Protection Authority Releases Direct Marketing Recommendation

Hunton Privacy

FEBRUARY 25, 2020

On February 10, 2020, the Belgian Data Protection Authority (the “Belgian DPA”) published its Recommendation 1/2020 on data processing activities for direct marketing purposes (the “Recommendation”). Some of the key takeaways from the Recommendation include: Definition. Processing Purposes.

Marketing

Marketing Personal data GDPR Communications

State of the Union: CCPA and Beyond in 2020

Data Protection Report

JANUARY 13, 2020

A few companies simply included CCPA’s broad definition of sale in the privacy policy and stated that under CCPA’s definition, “a sale may or may not have occurred.”. On October 10, 2019, the California Attorney General (AG) issued for public comment the Proposed Text of Regulations to clarify components of the CCPA.

Privacy

Privacy B2B Sales Compliance

Consultation paper published on Hong Kong’s data protection law

Data Protection Report

JANUARY 16, 2020

CB(2) 512/19-20(03 ) (the Paper ) seeking views on changes to Personal Data (Privacy) Ordinance (Cap.486) Certainty around data retention periods. It is proposed that data users will be required to have clear retention policies. 486) (the PDPO ). details on the method of notification, as well as the content.

Paper

Paper Personal data Data breaches Privacy

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

ARMA International

DECEMBER 26, 2019

For 2019, 34% of RIM professionals reported they had restructured their programs, with an additional 31% planning to do so into 2020. Just 59% of surveyed RIM professionals are included in their company’s IT strategic planning, including activities such as requirements definition and vendor selection – down from 67% in 2017.

Content services

Content services Cloud Records Management Privacy

CCPA Enforcement Date Rapidly Approaching: California Attorney General Proposes Regulations for Final Review With July 1, 2020 Less Than One Month Away

Data Matters

JUNE 4, 2020

On June 1, 2020, California’s Office of the Attorney General (“AG”) moved one step closer to finalizing the California Consumer Privacy Act (“CCPA”) regulations when the AG submitted proposed final regulations for review and approval by California’s Office of Administrative Law (“OAL”).

Privacy

Privacy Compliance Sales IT

Will CCPA Be a “Dumpster Fire” for Those Trying to Comply? Here are 10 Reasons it Might Be: Data Privacy Trends

eDiscovery Daily

JULY 7, 2019

We’re less than six months away from the scheduled start of the California Consumer Privacy Act (CCPA) on January 1, 2020. In Truth on the Market ( 10 Reasons Why the California Consumer Privacy Act (CCPA) Is Going to Be a Dumpster Fire , written by Alec Stapp), real estate developer Alastair Mactaggart spent nearly $3.5

Data Privacy

Data Privacy Privacy GDPR IT

Second Modified CCPA Draft Regulations Released—Comments Due March 27

HL Chronicle of Data Protection

MARCH 12, 2020

These modifications update the initial draft regulations published on October 11, 2019 as well as the first set of modified draft regulations published on February 10, 2020 (as we previously covered here and here ). Below is a summary of key changes: Definitions. Guidance Regarding the Interpretation of CCPA Definitions.

Sales

Sales Privacy Compliance Government

Redefining clinical trials: Adopting AI for speed, volume and diversity

IBM Big Data Hub

MAY 6, 2024

In 2022, less than 10% of trial participants for FDA approval were Black, fewer than 12% were Asian, under 13% were Hispanic, and women constituted less than 50% (Exhibit 3), not reflective of the current US population. The FDA’s 2020 guidance emphasized expanding eligibility criteria and reducing unnecessary exclusions.

Computer and Electronics

Computer and Electronics Healthcare Artificial Intelligence Marketing

UK ICO Publishes First Two Reports from its Data Protection Sandbox Pilot

Hunton Privacy

JULY 28, 2020

On July 23, 2020, the UK Information Commissioner’s Office (the “ICO”) published the first two reports of its Data Protection Regulatory Sandbox Beta phase (the “Beta phase”) involving projects by Jisc (a not-for-profit organization serving the higher and further education and skills sectors) and Heathrow Airport Ltd.

IT

IT GDPR Personal data Compliance

Automated Security and Compliance Attracts Venture Investors

eSecurity Planet

FEBRUARY 14, 2023

When Markowitz departed Portfolium after selling the company to Instructure, he teamed up with Daniel Marashalin and Troy Markowitz to launch Drata in the summer of 2020. Growth has definitely been robust. billion valuation in less than seven years and earning a top 10 ranking in our list of the top cybersecurity companies.

Compliance

Compliance Security Cybersecurity Marketing

Consultation paper published on Hong Kong’s data protection law

Data Protection Report

JANUARY 16, 2020

CB(2) 512/19-20(03 ) (the Paper ) seeking views on changes to Personal Data (Privacy) Ordinance (Cap.486) Certainty around data retention periods. It is proposed that data users will be required to have clear retention policies. 486) (the PDPO ). details on the method of notification, as well as the content.

Paper

Paper Personal data Data breaches Privacy

Regulatory Update: NAIC Summer 2022 National Meeting

Data Matters

SEPTEMBER 7, 2022

In parallel with its development of the new model, the Privacy Working Group is continuing to draft a white paper on data ownership and use rights. 5R) — to address new concepts included in the Financial Accounting Standards Board (FASB) revisions to the definition of an “asset” and a “liability.” 26R — Bonds (SSAP No. 4) and SSAP No.

Insurance

Insurance Paper Privacy Risk

State of the Union: CCPA and Beyond in 2020

Data Protection Report

JANUARY 13, 2020

A few companies simply included CCPA’s broad definition of sale in the privacy policy and stated that under CCPA’s definition, “a sale may or may not have occurred.”. On October 10, 2019, the California Attorney General (AG) issued for public comment the Proposed Text of Regulations to clarify components of the CCPA.

Privacy

Privacy B2B Sales Compliance

Nine States Pass New And Expanded Data Breach Notification Laws

Data Protection Report

JUNE 27, 2019

Illinois, Maine, Maryland, Massachusetts, New Jersey, New York, Oregon, Texas, and Washington have all amended their breach notification laws to either expand their definitions of personal information, or to include new reporting requirements. Massachusetts ( HB 4806 ) – Massachusetts expands data breach notification obligations.

Data breaches

Data breaches Passwords Privacy Military

Regulatory Update: NAIC Summer 2021 National Meeting

Data Matters

SEPTEMBER 20, 2021

Moody’s Analytics, in collaboration with the American Council of Life Insurers, developed the revised bond factors, which are based on more recent historical data, as the data on which the prior factors were based was approximately 30 years old. short sale borrowings. reverse repurchase agreements or similar financing.

Insurance

Insurance e-Delivery Paper Sales

European Union Reached a Political Agreement on the Digital Markets Act

Hunton Privacy

MARCH 29, 2022

These include: Adding web browsers and voice assistants to the definition of “core platform services” but excluding connected TVs from the DMA’s scope. Increasing the maximum level of fines for non-compliance from 10% to 20% of the gatekeeper’s worldwide revenue in cases of repeated infringements.

Marketing

Marketing GDPR Compliance Paper

Legaltech 2020 Preview Edition: eDiscovery Trends

eDiscovery Daily

JANUARY 27, 2020

: o ) Next week during the show, I’ll cover the main conference sessions each day that relate to eDiscovery, Information Governance, Cybersecurity and Data Privacy to give you a complete sense of options. In just 10 years the case law around eDiscovery AI & Analytics has exploded. Is more evidence a bad thing?

e-Discovery

e-Discovery Data Privacy Blockchain Education

Think Outside of the Gartner Magic Quadrant for Master Data Management Solutions to Deliver Connected Customer Experiences

Reltio

JANUARY 23, 2020

Connected customer data from many sources is required to make this happen. A common one has been master data management (MDM). . The Gartner Magic Quadrant for Master Data Management Solutions, 2020 was just published. Clean data is important. Or transactional data. Or social data. Google it.

Customer Experience

Customer Experience MDM Healthcare Marketing

Ireland/EU: Irish DPC bans Meta’s EU-US data flows and issues record €1.2bn fine

DLA Piper Privacy Matters

MAY 23, 2023

For Meta, the decision has resulted in a record administrative fine of €1.2bn, an order to suspend further transfers of EEA personal data to the US within five months, and an order to cease all unlawful processing of EEA personal data transferred to the US in violation of GDPR, within six months.

Personal data

Personal data GDPR Risk Privacy

Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors

Hunton Privacy

JUNE 6, 2019

The Bill, which takes effect January 1, 2020, amends the Oregon Consumer Identity Theft Protection Act (“OCITPA”) by enhancing the breach notification requirements applicable to third-party vendors. On May 24, 2019, Oregon Governor Kate Brown signed Senate Bill 684 (the “Bill”) into law.

Data breaches

Data breaches Insurance Authentication Compliance

ERMAC, a new banking Trojan that borrows the code from Cerberus malware

Security Affairs

SEPTEMBER 27, 2021

ERMAC is a new Android banking Trojan that can steal financial data from 378 banking and wallet apps. The source code of Cerberus was released in September 2020 on underground hacking forums after its operators failed an auction. I will rent a new android botnet with wide functionality to a narrow circle of people (10 people).

Encryption

Encryption Communications Government IT

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

The law, most of which does not go into effect until January 1, 2023, will substantially overhaul and amend the California Consumer Privacy Act (CCPA) which went into effect just this year, on January 1, 2020, with final regulations issued just a few months ago, on August 14, 2020. A Closer Look at Key CPRA Provisions.

Privacy

Privacy B2B Sales Data breaches

Takeaways From CCPA Public Forums

Data Matters

FEBRUARY 12, 2019

The CCPA was written and enacted with extraordinary speed, as legislators felt the need to move quickly in order to preempt a data privacy ballot initiative that had received enough signatures to be placed on California’s November ballot. Definition of Unique Identifiers. Updating as needed the definition of unique identifiers.

Sales

Sales Privacy Data Privacy Compliance

Client Alert: CA Attorney General’s Office Begins Rulemaking Process with First Public Hearing While US Congress Debates New US Federal Privacy Law

Data Protection Report

JANUARY 14, 2019

The California Consumer Privacy Act of 2018 (“CCPA”), California’s new privacy law which takes effect on January 1, 2020, requires the Attorney General to adopt implementing regulations that further the objectives of the CCPA. Others proposed narrowing the definition of “sale” to exclude online advertising. 628-231-6809.

Privacy

Privacy GDPR Compliance Sales

HHS Issues Proposed Rule Modernizing HIPAA Privacy Rule

Data Matters

DECEMBER 15, 2020

On December 10, 2020, the U.S. The proposed changes are designed to lead to increased data access, sharing, and portability and to further HHS’s emphasis on patients’ right of information access, which has been highlighted through a series of enforcement actions in 2020. Healthcare Operations Definition.

Privacy

Privacy Access Insurance Communications

NEW TECH: CASBs continue evolving to help CISOs address multiplying ‘cloud-mobile’ risks

The Last Watchdog

APRIL 29, 2020

We met at RSA 2020 and had a lively discussion about how today’s cloud-mobile environment enables network users to bypass traditional security controls creating gaping exposures, at this point, going largely unaddressed. So if you’re a Microsoft shop, you’re on an Office 365 and a Windows 10 migration path.

Cloud

Cloud Risk Privacy GDPR

New York Enacts New Data Security Laws

HL Chronicle of Data Protection

AUGUST 8, 2019

The SHIELD Act also updates the definition of breach to include incidents involving unauthorized access to certain information about individuals. If the breach affects over 500 New York residents, the business must provide the low risk-of-harm assessment to the attorney general within 10 days.

Security

Security Data breaches Risk Access

How Cybercriminals are Weathering COVID-19

Krebs on Security

APRIL 30, 2020

One of the more common and perennial cybercriminal schemes is “reshipping fraud,” wherein crooks buy pricey consumer goods online using stolen credit card data and then enlist others to help them collect or resell the merchandise. “Reshipping definitely has become more complicated,” Holden said. FUELED BY MULES.

Computer and Electronics

Computer and Electronics Marketing Retail Sales

Welcome to Legaltech New York 2020!: eDiscovery Trends

eDiscovery Daily

FEBRUARY 3, 2020

There are several interesting sessions today related to eDiscovery, Information Governance, Cybersecurity and Data Privacy. In just 10 years the case law around eDiscovery AI & Analytics has exploded. We’ll also provide a readout on the state of developments in global data privacy and protection law matters.

Education

Education Data Privacy GDPR Compliance

Security in 2020: Revisited

Acuity Who? Attempts and Failures to Attribute 437GB of Breached Data

Trending Sources

Microsoft Patch Tuesday, May 2021 Edition

The Impact of Data Protection Laws on Your Records Retention Schedule

5 Early Indicators Your Embedded Analytics Will Fail

Top 3 Black Friday 2020 scams to avoid

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

Overcoming the 80/20 Rule – Finding More Time with Data Intelligence

FINRA Issues its 2020 Artificial Intelligence Report for Industry Comment

Uncovering Memory Defects In Cereal (CVE 2020-11104 & CVE-2020-11105)

UNCOVERING MEMORY DEFECTS IN CEREAL (CVE-2020-11104 & CVE-2020-11105)

Uncovering Memory Defects In Cereal (CVE 2020-11104 & CVE-2020-11105)

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Regulatory Update: NAIC Summer 2020 National Meeting

A February 2020 Surprise: California Attorney General Proposes Significant Revisions to CCPA Regulations

Belgian Data Protection Authority Releases Direct Marketing Recommendation

State of the Union: CCPA and Beyond in 2020

Consultation paper published on Hong Kong’s data protection law

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

CCPA Enforcement Date Rapidly Approaching: California Attorney General Proposes Regulations for Final Review With July 1, 2020 Less Than One Month Away

Will CCPA Be a “Dumpster Fire” for Those Trying to Comply? Here are 10 Reasons it Might Be: Data Privacy Trends

Second Modified CCPA Draft Regulations Released—Comments Due March 27

Redefining clinical trials: Adopting AI for speed, volume and diversity

UK ICO Publishes First Two Reports from its Data Protection Sandbox Pilot

Automated Security and Compliance Attracts Venture Investors

Consultation paper published on Hong Kong’s data protection law

Regulatory Update: NAIC Summer 2022 National Meeting

State of the Union: CCPA and Beyond in 2020

Nine States Pass New And Expanded Data Breach Notification Laws

Regulatory Update: NAIC Summer 2021 National Meeting

European Union Reached a Political Agreement on the Digital Markets Act

Legaltech 2020 Preview Edition: eDiscovery Trends

Think Outside of the Gartner Magic Quadrant for Master Data Management Solutions to Deliver Connected Customer Experiences

Ireland/EU: Irish DPC bans Meta’s EU-US data flows and issues record €1.2bn fine

Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors

ERMAC, a new banking Trojan that borrows the code from Cerberus malware

California Privacy Law Overhaul – Proposition 24 Passes

Takeaways From CCPA Public Forums

Client Alert: CA Attorney General’s Office Begins Rulemaking Process with First Public Hearing While US Congress Debates New US Federal Privacy Law

HHS Issues Proposed Rule Modernizing HIPAA Privacy Rule

NEW TECH: CASBs continue evolving to help CISOs address multiplying ‘cloud-mobile’ risks

New York Enacts New Data Security Laws

How Cybercriminals are Weathering COVID-19

Welcome to Legaltech New York 2020!: eDiscovery Trends

Stay Connected