- Interesting Cybersecurity Development in the Insurance and Vendor Risk ArenaApril 02, 2019
Often one of the benefits of working with a capable cyber risk broker or insurer is that the covered business has access to supplemental services ranging from security assessments to budget-priced post-incident legal support. These benefit the insurer and the company by helping to improve the security posture of the insured. Indirectly, such cyber risk assessments also benefit the company’s customers and owners, so it’s a nice win all around. Last week a group of cyber risk brokers and insurers, led by the brokerage unit... more
- The EDPB Has Released an Opinion on the Interplay between the GDPR and the ePrivacy Directive: It’s Worth ReadingMarch 19, 2019
On March 15, 2019, the European Data Protection Board published Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks, and powers of data protection authorities. While the title is a mouthful, the 25-page document is a worthwhile read for anyone involved in electronic communications with EU personal data. And given the ubiquity of “electronic communications” the audience pool here is pretty large. Brief Background The passage of the GDPR in 2016 absorbed the focus of so... more
- The Importance of Privacy by Design in Mobile Apps (Debunking the Aphorism that any Publicity is Good Publicity)February 26, 2019
On Friday, February 22, the Wall Street Journal ran a story titled “You Give Apps Sensitive Personal Information. Then They Tell Facebook” (subscription required). The report gained further traction over the weekend, and by Monday, February 25th several of those identified as sharing data with Facebook had reportedly stopped doing so. Now, it is not at all unusual for different mobile apps to share data with the device maker, Facebook, or other applications. In fact, huge numbers of people intentionally share all sorts of interesting... more
- The EU GDPR and The BorgFebruary 19, 2019
For those of a certain generation the concept of “The Borg” invokes a seemingly inevitable force that pulls opponents into the “Collective” through a process of assimilation. According to the inestimable source, Wikipedia, the purpose of the Borg was to achieve perfection. This is a very brief post today to get that thought into your head and to see how we in the US – whether we like it or not –will be assimilated to the GDPR, directly or indirectly. Arguably the ‘direct’ method of... more
- California Enacts First U.S. Law Requiring IoT CybersecurityFebruary 12, 2019
“Smart” devices have become common, if not pervasive, experiences of daily life. Parents may monitor a baby’s heart rate and oxygen levels through sensor enabled baby socks. Businesses may equip fleet drivers with smart hats that measure alertness to monitor for accident-causing driver fatigue. Yogis can utilize yoga clothing with integrated sensors that provides vibrating position correcting feedback to enhance their practice and experience completely virtual guided yoga. Beachgoers can monitor UV exposure through integrated monitoring sensors in their swimsuits. These types of devices comprise... more
TIPS
Often one of the benefits of working with a capable cyber risk broker or insurer is that the covered business has access to supplemental services ranging from security assessments to budget-priced post-incident legal support. These benefit the insurer and the company by helping to improve the security posture of the insured. Indirectly, such cyber risk assessments also benefit the company’s customers and owners, so it’s a nice win all around. Last week a group of cyber risk brokers and insurers, led by the brokerage unit... more
On March 15, 2019, the European Data Protection Board published Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks, and powers of data protection authorities. While the title is a mouthful, the 25-page document is a worthwhile read for anyone involved in electronic communications with EU personal data. And given the ubiquity of “electronic communications” the audience pool here is pretty large. Brief Background The passage of the GDPR in 2016 absorbed the focus of so... more
On Friday, February 22, the Wall Street Journal ran a story titled “You Give Apps Sensitive Personal Information. Then They Tell Facebook” (subscription required). The report gained further traction over the weekend, and by Monday, February 25th several of those identified as sharing data with Facebook had reportedly stopped doing so. Now, it is not at all unusual for different mobile apps to share data with the device maker, Facebook, or other applications. In fact, huge numbers of people intentionally share all sorts of interesting... more
For those of a certain generation the concept of “The Borg” invokes a seemingly inevitable force that pulls opponents into the “Collective” through a process of assimilation. According to the inestimable source, Wikipedia, the purpose of the Borg was to achieve perfection. This is a very brief post today to get that thought into your head and to see how we in the US – whether we like it or not –will be assimilated to the GDPR, directly or indirectly. Arguably the ‘direct’ method of... more
“Smart” devices have become common, if not pervasive, experiences of daily life. Parents may monitor a baby’s heart rate and oxygen levels through sensor enabled baby socks. Businesses may equip fleet drivers with smart hats that measure alertness to monitor for accident-causing driver fatigue. Yogis can utilize yoga clothing with integrated sensors that provides vibrating position correcting feedback to enhance their practice and experience completely virtual guided yoga. Beachgoers can monitor UV exposure through integrated monitoring sensors in their swimsuits. These types of devices comprise... more