
Privacy Monday - September 9, 2013 -- NIST Draft Cybersecurity Framework

This Privacy Monday, there are a few important items of note, rather than the usual "bits and bytes".

NIST RELEASES DISCUSSION DRAFT OF CYBERSECURITY FRAMEWORK

After several months of work, the National Institute of Standards and Technology has published a draft of its cybersecurity “Framework.” Developed in response to an executive order from President Obama, it provides guidance on managing cybersecurity risk and supports the cybersecurity of the nation’s infrastructure by promoting the use of industry standards and best practices. Although it doesn’t introduce a set of prescriptive rules, the framework is only one component of the administration’s multipronged effort to bolster private sector cybersecurity. Jonathan Cain has authored a detailed analysis of the NIST discussion draft that is an important read.

Analysis is here.

SEE WHAT IS OUT THERE ABOUT YOU

Data aggregator Acxiom has unveiled a free website where U.S. consumers can view the data the company has collected on them, The New York Times reports. Users who visit AbouttheData.com will view data on themselves including homeownership status, vehicle details, recent purchase categories and household interests. The site will allow users to click on icons to view the source the aggregated data came from originally. Acxiom's CEO says the company aims to alleviate consumer fears on data aggregation by being more transparent.

Read more (registration may be required) - New York Times

CLASS ACTIONS IN AND OUT

Out - Barnes & Noble: A federal judge in Illinois has dismissed a putative class action against the retailer over a security breach affecting PIN pad devices in 63 of its stores, finding that none of the plaintiffs had shown actual harm.

Read more - Bloomberg

In - Advocate Health and Hospitals: Also in Illinois, Advocate Health and Hospitals Corp. was slapped with a proposed class action Wednesday in state court alleging it failed to protect its patients' sensitive information, in light of a massive breach/burglary resulting in lost computers that held information for about 4 million patients. Former patient Alex Lozada says the medical data breach from four unencrypted laptops was the largest in Illinois history and could have been avoided had the company followed data security regulations and standards under HIPAA.

Read more - Chicago Herald and ModernHealthcare

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.