Possible Implications of FCRA Actions?

On August 8, 2012, the Federal Trade Commission settled with HireRight Solutions, Inc. (“HireRight”) for failure to comply with certain Fair Credit Reporting Act (“FCRA”) requirements. According to the FTC’s complaint, HireRight provides background reports on current and prospective employees to thousands of employers. These background reports contain public record information, including criminal histories. Employers… Read More

My comments about Virtuport and MENA ISC 2012.

Several exceptional facets of MENA ISC 2012 became quite apparent to me during my attendance and participation in the Middle East North Africa Information Security Conference. First, what a truly impressive assembly of international security experts and delegates. People attending were engaged, inquisitive, and very collaborative which is a vital component in mastering the global… Read More

Consumer Reality Check – Lifting the Veil on PCI DSS

I read an article entitled “Global Payments has some explaining to do” (Source: CSO) today and there were some interesting points made by Bill Brenner, managing editor of CSO. He asked specifically, “How on Earth were they designated PCI compliant in the first place? What were the specific actions they took to improve security and… Read More

Usage Terms

MichaelPeters.org – Your Personal CXO and its affiliates (“MichaelPeters.org – Your Personal CXO” or “we”) provides its content on MichaelPeters.org (the “Site”) subject to the following terms and conditions (the “Terms”). We may periodically change the Terms, so please check back from time to time. These Terms were last updated on March 31, 2012. By… Read More

Failure to Communicate: Pending US Congressional Orwellian Bills Threaten the Internet

In the spirit of the holiday season, three wise men, actually law professors, following an analysis, are warning that the proposed intellectual property PROTECT IP (Source: PROTECT IP) and the Stop Online Piracy Act (SOPA) (Source SOPA) legislation, currently working their way through Congress, will damage the world’s DNS system, cripple attempts to get better… Read More

Shot Down in Flames! – That ROI for security or litigation is in jeopardy.

  The Return on Investment, aka ROI, is an essential financial measurement for any business venture and one that must be positive, or at least neutral, in order to demonstrate the viability of the proposition being examined. There are certain essential business functions however that does not provide a return on your investment; and two… Read More

Would you buy a car without seat belts?

Recent headlines said, “Network ransacked in huge brute-force attack” (Source: The Register) and “Hackers break SSL encryption used by millions of sites” (Source: Huffington Post) among many other security and privacy news that fill the news outlets every time I look and listen. The problem is not some new phenomenon, but one that continues to… Read More

The Death of Privacy?

Today, I propose we declare the death of privacy. In our technically advancing world, our personal privacy expectations must be reconsidered, re-conceived and redefined. We all expose ourselves through swipes, transactions, likes and tweets. Through handsets, television sets and mindsets, we voluntarily add our behavioral attributes to the associated handlers of our digital DNA almost… Read More

Getting rid of getbetterlinks

I noticed site content links being introduced through my Firefox browser today. Apparently a browser extension called Betterlinks had been added by Mozilla in the latest updates. Betterlinks supplies alternative locations for content that may be in competition with your site by influencing your searching. My rhetorical question for the day is “Who gets to… Read More

FTC Proposes Significant Changes to the Online Collection of Information from Children rule

The Federal Trade Commission (“Commission”) released on September 15, 2011, its long-awaited proposed amendments to its rule implementing the Children’s Online Privacy Protection Act (“COPPA Rule”). They are accepting comments until November 28, 2011. The Commission is proposing modifications to the COPPA Rule in three key facets:

Easiest way to breach a bank? Just hold-em-mop!

On July 29, 2011, Massachusetts Attorney General Martha Coakley announced a $7,500 settlement with Belmont Savings Bank following a May 2011 data breach involving the names, Social Security numbers and account numbers of more than 13,000 Massachusetts residents.  The bank has stated that it has no evidence of unauthorized access to or use of consumers’… Read More

Expanding Security Breach Notification Requirements in California

A new amendment to California’s security breach notification law will raise the stakes for businesses required to give notice of a data security breach affecting California residents. California Senate Bill 24 (“SB 24”), signed by Governor Brown on August 31, 2011, imposes detailed new requirements for the content of security breach notices. Significantly, SB 24… Read More

Geolocational Privacy and Surveillance Act – First Blush

The law does not lead, it follows. Our system is very reactive in nature. It tends to change, without my surprise, like people generally do as a direct result to negative events or influences. Smokers quit following the heart attack and our legal system create laws based upon past events. GPS technology has been around… Read More

Juris Doctor 135-143 of 161: The Geek Shall Inherit the Universe

Cyber-espionage and Cyber-warfare poses the greatest threat to our society today. No longer are massive militarized forces with the most advanced weaponry the force to fear. The forces to be feared now are computer geeks. A single person or just a few cyber-savvy individuals working together as a team now possess the power to bring… Read More

Dropbox? More Like Dropball!

There has been a putative class action complaint filed on June 22, 2011, in the United States District Court, for the Northern District of California alleging that the popular cloud-based storage provider Dropbox, Inc. failed to secure its users’ private data or to notify the vast majority of them about a recent data breach.  According… Read More

New PCI Data Security Standards for Cloud Compliance

The PCI Security Standards Council’s Virtualization Special Interest Group recently published its “Information Supplement: PCI DSS Virtualization Guidelines” (the “Guidelines”) to Version 2.0 of the PCI Data Security Standard (“PCI DSS”). The Guidelines provide context for the application of the PCI DSS to cloud and other virtual environments, and offer at least three critical reminders: