Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Category Archives: Compliance and Laws

Medical Identity Theft … Where Have You Been, WSJ?

– The Wall Street Journal published a front-page article “The Doctor Bill from Identity Thieves” by Stephanie Armour on August 8, 2015 as if medical identity theft is a new issue. It isn’t. My colleague Allan Pomerantz wrote a BlogInfoSec column on the subject more than seven years ago…

The Bankers and the Lawmen Should be Cyber Friends

– When I read Matthew Goldstein’s February 24, 2015 article “Wall St. and Law Firms Plan Cooperative Body to Bolster Online Security,” in the DealB%k section of The New York Times, I was reminded of the song from Rodgers and Hammerstein’s “Oklahoma” about how farmers and cowmen should get…

Balancing Security, Privacy and Secrecy

– Recently, I read the National Security column, “We Need More Secrecy: Why government transparency can be the enemy of liberty,” by David Frum in the May 2014 issue of The Atlantic magazine. It reminded me that I had proposed adding the word “secrecy” to the title of a 2009 book that I…

Security in the Dark

– I attended a roundtable recently at which someone mentioned that, in their experience, those familiar contractual requirements requesting third-party service providers to tell their customers about security breaches within a short time frame (within three hours, say) are often not conveyed to…

SEC-urity’s Catch 22

– On October 13, 2011, the Division of Corporation Finance (DCF) of the Securities and Exchange Commission (SEC) issued CF Disclosure Guidance: Topic No. 2 – Cybersecurity, available at http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm . It provides the DCF’s “views…