In early June, the California Attorney General filed final CCPA regulations with the California Office of Administrative Law. The final regulations were accompanied by a 59-page Final Statement of Reasons along with six appendices containing over 500 pages of comments on the regulations and the Attorney General’s responses to those comments. One of the many topics that the Attorney General’s office discussed was the final regulation’s requirements for drafting privacy policies. Given that the drafting of a privacy policy is a necessary part of CCPA compliance, it is worth analyzing those comments.
Expect the COVID-19 coronavirus pandemic to bring lasting changes to our lives, from the way we authenticate identity to how we open doors – and even use public restrooms. If there’s a theme among these changes, it’s that they will favor contactless solutions. The use of biometrics to authenticate employees and customers has snowballed over the last decade. Expect demand from public and private organizations to grow even faster as they require accurate identification of workers, students, patients and many more people in response to new challenges resulting from the virus.
The Wall Street Journal recently stated that commercial burglaries have almost doubled in New York City since March 12 when a state of emergency was declared. Reason being, thieves are targeting nonessential businesses that have shuttered locations as a result of government directives or are robbing essential businesses that would likely have more cash on hand. Multiple retail organizations are also reporting an increase in shoplifting attempts and point of sale shrink since the beginning of the coronavirus outbreak. In times like these, as a rise in theft, burglaries and other disturbances are expected, security is more important than ever.
Hospitals are where people go to seek treatment, recover, and address critical injuries. It is the place where doctors, nurses, and other healthcare providers devote themselves to helping people who need medical attention. In addition to this critical focus, a hospital also has to protect against unauthorized access, theft of medications or sensitive patient information, and guard against workplace violence, which affects hospitals more than other industries. At the same time, they must maintain a level of accessibility and openness, which presents difficulties as it relates to security.
Outsourcing has become a vital part of most business strategies. Not only is it a way to save money, but it’s a simple way to take advantage of expertise you might not currently have in house. But outsourcing can also leave companies vulnerable if the third-party doesn’t have proper cybersecurity procedures.
Security awareness training is no longer a “nice-to-have” for organizations. End users have become a critical component of effective security postures. Employees must have a strong understanding of cybersecurity best practices and learn how to detect and defend against targeted attacks. This shift in priority is needed to address an ongoing trend in the larger threat landscape. Cybercriminals have moved away from complicated, time-consuming technical exploits to concentrate on end users, a large and frequently vulnerable attack surface. Small or large, nearly every attack now begins in the same way: by relentlessly targeting people through email, social networks, and/or cloud and mobile applications.
Convincing C-suite executives to approve budgets for security system upgrades may be difficult in the best of times. However, the COVID-19 pandemic and resulting financial upheaval it caused may make selling new projects more challenging for security directors. While security may not be a daily topic of discussion among C-suite members, they understand the need to provide and maintain a safe and secure environment for corporate employees and visitors. But they don’t see security in terms of a camera brand or access card technology. They view security in terms of risk management and mitigation strategies. Addressing those concerns in any project plan will increase its chances of it winning approval.
The Internet of Things (IoT) continues to be a driving force behind smart buildings, with the ability to optimize all areas of building operations – from HVAC to surveillance, offering massive potential for facility owners and system integrators to create added value for customers. While goals such as reducing energy consumption and space utilization are still priorities, building owners and operators are searching for solutions to help make workspaces and common areas safe and useable, abiding by new health and safety guidelines. Security professionals are also searching for ways to leverage and augment their technology infrastructure to contribute to the overall safety of their facility, beyond the traditional capabilities of access control and surveillance.
On May 26, the District Court found in the In Re: Capital One Consumer Data Security Breach Litigation that a report prepared by Mandiant concerning the Capital One data breach (Breach Report) was not protected by the work product privilege and must be turned over to Plaintiffs. What are some lessons to be learned from this data breach litigation response?