Privacy Monday – September 9, 2013 — National Institute of Standa

Email

617-348-1732

Privacy Monday – September 9, 2013 — National Institute of Standards and Technology (NIST) Draft Cybersecurity Framework

by: Cynthia J. Larose of Mintz - Privacy & Cybersecurity Viewpoints

Monday, September 9, 2013

Print Mail Download

i

This Privacy Monday, there are a few important items of note, rather than the usual “bits and bytes”.

NIST RELEASES DISCUSSION DRAFT OF CYBERSECURITY FRAMEWORK

After several months of work, the National Institute of Standards and Technology has published adraft of its cybersecurity “Framework.” Developed in response to an executive order from President Obama, it provides guidance on managing cybersecurity risk and supports the cybersecurity of the nation’s infrastructure by promoting the use of industry standards and best practices. Although it doesn’t introduce a set of prescriptive rules, the framework is only one component of the administration’s multipronged effort to bolster private sector cybersecurity. Jonathan Cain has authored a detailed analysis of the NIST discussion draft that is an important read.

Analysis is here.

SEE WHAT IS OUT THERE ABOUT YOU

Data aggregator Acxiom has unveiled a free website where U.S. consumers can view the data thecompany has collected on them, The New York Times reports. Users who visit AbouttheData.com will view data on themselves including homeownership status, vehicle details, recent purchase categories and household interests. The site will allow users to click on icons to view the source the aggregated data came from originally. Axciom’s CEO says the company aims to alleviate consumer fears on data aggregation by being more transparent.

Read more (registration may be required) – New York Times

CLASS ACTIONS IN AND OUT

Out – Barnes & Noble: A federal judge in Illinois has dismissed a putative class action against the retailer over a security breach affecting PIN pad devices in 63 of its stores, finding that none of the plaintiffs had shown actual harm.

Read more – Bloomberg and Business Week

In - Advocate Health and Hospitals: Also in Illinois, Advocate Health and Hospitals Corp. was slapped with a proposed class action Wednesday in Illinois state court alleging it failed to protect its patients’ sensitive information, in light of a massive breach/burglary resulting in lost computers that held information for about 4 million patients. Former patient Alex Lozada says the medical data breach from four unencrypted laptops was the largest in Illinois history and could have been avoided had the company followed data security regulations and standards under HIPAA.

Read more – Chicago Herald and ModernHealthcare