California Bill Would Create Cyber Security Commission

By Christin McMeley and Jane Whang

In recognition of the increasing threat that cyber-attacks pose to the state's infrastructure and the considerable costs that government and private sectors are estimated to spend on cyber security (more than $70 billion estimated to be spent in 2014 nationally), Assembly Speaker John Perez has introduced a bill to establish a "Cyber Security Commission."

The bill (AB 2200), if passed, would authorize the proposed commission to develop public-private partnerships to share cyber security and cyber threat information and to improve cyber security and cyber response strategies. The commission is required to meet monthly and submit quarterly reports to the Governor's Office and Legislature on the status and progress of cyber security efforts.

Continue Reading...

California AG Weighs in on Cybersecurity

By Paul Glist and Leslie Moylan

Just as NIST completes its version 1.0 national Framework for Improving Critical Infrastructure Cybersecurity, California Attorney General Kamala Harris has made clear she intends a leadership role for California. With a guide called “Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents,” the AG offers a simplified, brief, and plain English version of cybersecurity protections directed toward small and medium size California businesses that likely lack the resources to hire full-time cybersecurity personnel. The Guide’s “Practical Steps to Minimize Cyber Vulnerabilities” are based on acknowledged deficiencies in the devices, websites, and apps at the network’s edge, and on the need for users and businesses to discipline their behavior and increase their vigilance against threats. The best practices outlined in the Guide are not unique to small or medium size businesses and overlap to a large extent NIST’s perspective on threats and cyber recommendations from many sources. The NIST Framework provides greater detail and is more explicit in the latitude it provides for business judgments about the proportionality of precautions with respect to the specific risks. Both the California Guide and NIST Framework seek to prod organizations to analyze risks, determine needs, and outline plans to protect, detect, respond and recover.
 
Continue Reading...

Internet Privacy Class Actions

In today’s cyberworld, operating in online and social media can put companies in a special class. Unfortunately, that class could mean a class action lawsuit. Websites and social media provide search engines, website operators, and advertisers powerful ways to obtain and monetize data about users. Jimmy Nguyen explores how this power has triggered public and governmental concern about consumers’ online privacy, even leading to a Wall Street Journal investigative report in August 2010 and a wave of class action lawsuits. To read more, click here.

We're Baaaaaaack.

Those of you who were once frequent visitors to this blog may, by now, be asking one or more of the following questions:

(a) Why haven’t you guys posted anything for so many months?
(b) Why does the site look different?
(c) Who’s going to win the NBA playoffs?
(d) Why did they cancel My Name is Earl?

Well, the first two at least. The truth is that this blog was started in August 2005, and ran steadily (sometimes more steadily than others) for about three years. As blogs go, that’s a fairly distinguished record – there are more abandoned blogs lining the sides of the Information Superhighway than there are hubcaps along the Cross Bronx. Wait, did we actually just use the phrase “Information Superhighway”? Because that is so 2005. As is that phrase we just used.

So anyway, when our firm decided to revamp its website, we took this as an opportunity to think seriously (read: discuss over drinks) what we wanted to accomplish with this blog, and what we needed to do to keep it fresh and relevant. The process has taken a bit longer than we expected, but here’s where we are:

Rather than a long list of bloggers, you will be getting regular updates from just five of us – and henceforth there will be no more posts in this annoying third-person, royal we, voice. We may have some guest bloggers on occasion, but for the most part you can level any criticisms at the following:

Bruce Johnson, our Burgermeister-Meisterburger, who will be blogging on the topic of Personal Communications (blogging, employee/employer relations, etc.)

Randy Gainer, who will be captivating you with stories about the Government Surveillance (ECPA/CFAA, CALEA, REAL ID/travel issues, etc.)

Charlene Brownlee, who is by far the most stylish among us (and who will be blogging on the subject of Data Breaches and identity-theft laws)

Ronald London, who will endeavor to keep an eye on Congress and will be blogging about telemarketing, junk fax, CAN-SPAM, behavioral/advanced advertising, and CPNI (which we’ll call Marketing and Consumer Privacy)

Lance Koonce, who will try not to mangle any stories about Online Threats such as hacking, phishing, pharming, pretexting, malware/spyware, and offline versions such as dumpster diving and the theft/loss of data-containing devices.

We do not purport to be a source for all news that touches on privacy and security – the field has exploded and aggregating such information would be a full-time career. Rather, we hope to tease out interesting aspects of specific issues within our areas of coverage. We hope you’ll take a look, and keep coming back if what you see intrigues you.

Thanks,

The PrivSecBlog Team


And by the way:

The Lakers.
Ratings. And possibly bad karma.