President Obama's call for enactment of a national data breach notification law has been widely welcomed by business groups and privacy advocates, but their endorsements come with a big proviso: What's in it? The White House hasn't furnished details.
A new law in New Jersey, enacted in reaction to data breaches, requires health insurers that provide coverage in the state to encrypt personal information, going beyond the addressable requirements of HIPAA.
The Paris terrorist attacks could make it more likely Congress will renew the USA Patriot Act and less likely that lawmakers will curtail a program to collect metadata on telephone conversations of Americans.
Bankers are criticizing one federal regulatory agency for how it has responded to a breach of unencrypted consumer data that occurred during a routine banking exam. They're saying regulators should focus more on their internal security practices.
Preliminary results of the fourth annual Healthcare Information Security Today survey indicate that information security leaders have big concerns about their business associates. There's still time left to participate in the study.
A recent interview about why retailers say EMV without the PIN is a fruitless fraud-fighting effort has spurred debate among retailers and bankers. In the end, though, bankers' resistance to PIN is all about time and money.
As the 114th Congress convenes this week at a time of growing public awareness of security breaches, it's expected to consider cyberthreat information sharing measures. But can the White House and Congress resolve past differences over the legislation?
As healthcare organizations step up their efforts this year to exchange more patient data with others to improve care, it's urgent that they address the "significant risks" involved, says Erik Devine, chief security officer at an Illinois hospital.
After the complete collapse of network security at Sony Pictures - in the wake of its data breach - it's important that we highlight some of the organization's fundamental security mistakes. Here's a macro view of the lessons we must all learn.
In the wake of a data breach that followed a routine regulatory, a former regulator is asking why the agency failed to disclose the breach sooner, and why it has not accepted more responsibility for its error.
The response by Sony Pictures Entertainment executives to the hack attack against their company provides a number of great examples for how to not to handle a data breach. Here are 7 key mistakes they made.
A federal judge has denied Target's motion to dismiss a consolidated class action lawsuit filed on behalf of consumers affected by the retailer's December 2013 data breach. The move follows a similar ruling regarding a class action lawsuit involving banks.
Without ceremony, President Obama has signed five cybersecurity-related bills, including legislation to update the Federal Information Security Management Act, the law that governs federal government IT security.
Legislation approved by Congress seeks to cement the long-term role of the National Institute of Standards and Technology in working with industry to develop cybersecurity best practices that critical infrastructure operators can voluntarily adopt.
Congress this week passed four cybersecurity bills, and a commonality among all of the measures is that they strengthen the Department of Homeland Security as a cybersecurity force within the federal government.