Fair is fair. I agree this is far
better than most. Still, nothing on HOW the breach occurred (so we
have no way to know if it was even fixable) or HOW MANY accounts were
compromised (Enough to create a material financial event?)
Breach notification done right?
November 17, 2012 by admin
I spend a lot of time criticizing
breach notifications, so it’s nice when I can occasionally point to
a positive example.
Without considering whether the breach
could have been prevented, consider this notification letter from
Nationwide Insurance, dated November 16:
We want to make
you aware that a portion of our computer network was criminally
attacked and we believe that the attack compromised some of your
information. We are very sorry that this situation has occurred.
Protecting the privacy and security of your information is a top
priority for us, and we want to assure you that we have taken steps
that will prevent this type of attack from happening again. Although
we are not aware of any misuse of your information at this time, we
want to inform you about the situation and encourage you to take the
steps below, including taking advantage of the credit monitoring and
identity theft protection product we are providing to you at no
charge.
The Incident
On October 3,
2012, a portion of our computer network that is used by Nationwide
Insurance agents and Allied Insurance agents was criminally intruded
upon by an unidentified criminal perpetrator. We
discovered the attack that day, and took immediate steps
to contain the intrusion. We believe that we successfully contained
the attack through our responsive actions.
We promptly
initiated an investigation of the attack and on October 16, 2012, we
determined that the criminal perpetrator had likely stolen some
personal information from our systems. On November 2, 2012, we
received confirmation of the identities and addresses of the
individuals whose personal information we believe was compromised.
Although we are still investigating the incident, our initial
analysis has indicated that the compromised information included your
name and [Social Security number, driver’s license number, date of
birth] and possibly your marital status, gender, and occupation, and
the name and address of your employer. At this time, we have no
evidence that any medical information or credit card account
information was stolen in the attack.
You can read the full
letter on the California AG site.
I realize that there are some states
where notification 6 weeks after the discovery of the incident would
violate a timeliness provision in reporting, but overall, they
detected the breach quickly, secured it quickly, and within one
month, were able to construct a list of affected individuals. Could
they have gotten the actual letter out faster than two weeks from
confirmation of identities and addresses? Probably, but overall, I’m
favorably impressed. Your mileage may vary.
If your organization “permits”
Google Docs, it will be difficult to block this communication.
"Windows 8 may block most
malware out of the box, but there is still malware out there that
thwarts Microsoft's latest and greatest. A new Trojan variant,
detected as Backdoor.Makadocs and spread via RTF and Microsoft Word
documents marked as Trojan.Dropper, has been discovered that not only
adds a clause to target Windows 8 and Windows Server 2012, but also
uses
Google Docs as a proxy server to phone home to its Command &
Control (C&C) server."
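The quoted item says only that the Trojan relays its C&C traffic through Google Docs, and the comment above notes that blocking Google Docs outright is rarely an option. What a network defender can do instead is watch for the pattern rather than the destination. The following is an added example, not code from the original post or from the malware analysis it quotes. It assumes the relay is reached through a Google Docs viewer URL of the form `https://docs.google.com/viewer?url=<target>` (an assumption about the request format) and works over constructed web-proxy log lines in a made-up `timestamp client "user-agent" url` layout; the hostnames, IP addresses and user-agent strings in the sample are invented. It flags viewer fetches whose embedded target is an IP literal or an unapproved host, that come from a non-browser user agent, or that repeat to the same target, which is what a beacon through a legitimate proxy service looks like.

```python
"""Flag outbound requests that abuse the Google Docs viewer as a fetch proxy.

Added example (not the original post's or the malware author's code). The
viewer URL format and the log layout are assumptions; sample data is constructed.
"""
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample proxy log lines: timestamp, client IP, user agent, URL.
# The first two lines are ordinary user activity; the last two are a repeated
# fetch of an IP-literal target from a non-browser client (invented data).
SAMPLE_LOG = """\
2012-11-17T10:01:02Z 10.0.0.5 "Mozilla/5.0 (Windows NT 6.2; WOW64)" https://docs.google.com/document/d/abc123/edit
2012-11-17T10:01:07Z 10.0.0.5 "Mozilla/5.0 (Windows NT 6.2; WOW64)" https://docs.google.com/viewer?url=https%3A%2F%2Fwww.example.org%2Freport.pdf
2012-11-17T10:02:15Z 10.0.0.9 "Microsoft Office/14.0" https://docs.google.com/viewer?url=http%3A%2F%2F198.51.100.23%2Fgate.php%3Fid%3D7f3a
2012-11-17T10:02:20Z 10.0.0.9 "Microsoft Office/14.0" https://docs.google.com/viewer?url=http%3A%2F%2F198.51.100.23%2Fgate.php%3Fid%3D7f3a
"""

# One log line: timestamp, client, quoted user agent, URL (assumed layout).
LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<client>\S+) "(?P<ua>[^"]*)" (?P<url>\S+)$')
# Crude "looks like a browser" check; real browsers all send Mozilla/ tokens.
BROWSER_UA_RE = re.compile(r"Mozilla/")
IP_LITERAL_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def viewer_target(url):
    """Return the URL embedded in a Google Docs viewer request, else None.

    Assumes the relay request shape https://docs.google.com/viewer?url=<target>.
    parse_qs percent-decodes the parameter for us.
    """
    p = urlparse(url)
    if p.hostname != "docs.google.com" or p.path != "/viewer":
        return None
    target = parse_qs(p.query).get("url")
    return target[0] if target else None


def analyze(log_text, allowed_hosts=frozenset()):
    """Return [(client, target_host, [reasons])] for suspicious viewer fetches.

    allowed_hosts: external hosts users are expected to open via the viewer.
    A fetch with no reasons (browser UA, allowed host, first sighting) is not
    reported; everything else is, with every reason that applied.
    """
    findings = []
    seen = {}  # (client, target_host) -> count, to spot beaconing
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count these
        target = viewer_target(m["url"])
        if target is None:
            continue  # not a viewer relay request
        thost = urlparse(target).hostname or ""
        reasons = []
        if not BROWSER_UA_RE.search(m["ua"]):
            reasons.append("non-browser user agent")
        if IP_LITERAL_RE.match(thost):
            reasons.append("target is an IP literal")
        elif thost not in allowed_hosts:
            reasons.append("target host not on allowlist")
        key = (m["client"], thost)
        seen[key] = seen.get(key, 0) + 1
        if seen[key] > 1:
            reasons.append("repeated fetch of same target (%d)" % seen[key])
        if reasons:
            findings.append((m["client"], thost, reasons))
    return findings


if __name__ == "__main__":
    for client, host, reasons in analyze(SAMPLE_LOG, frozenset({"www.example.org"})):
        print(client, host, "; ".join(reasons))
```

Two caveats a practitioner will already have in mind: the viewer traffic is HTTPS, so the URL parameter is only visible where the proxy terminates TLS (or in endpoint telemetry), and the allowlist approach trades a few false positives on unusual documents for not having to block a service the business depends on.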
Today, forcing ISPs to comply.
Tomorrow, forcing parents to comply?
First time accepted submitter
fustakrakich writes with news reported in The Telegraph of new
anti-pornography
regulations ordered by UK Prime Minister David Cameron:
"The new
measures will mean that in future anyone buying a new computer or
signing up with a new internet service provider (ISP) will be asked,
when they log on for the first time, whether they have children. If
the answer is "yes", the parent will be taken through the
process of installing anti-pornography filters, as well as a series
of questions on how stringent they wish the restrictions to be,
according to a newspaper."
[From the article:
The options include allowing parents to
impose timed access limits on explicit material, or preventing
children from viewing social networking sites such as Facebook during
particular hours of the day.
Ministers will also tell ISPs to impose
"appropriate measures" to make sure that those setting the
controls are over 18, according
to the Daily Mail.
… Ministers are expected to tell
ISPs that they must bring in the new rules or face legislation
Interesting. Why? Are clients tighter
with a buck, or is it “We don't need no stinking research?” Or maybe,
“Hey, Google is free!”
November 18, 2012
New surveys indicate sea change in legal research billing costs to clients
Rachel
M. Zahorsky, ABA Journal: "More and more billing partners
are knocking research costs off invoices before they’re even
submitted to clients, legal consultant Rob Mattern of Mattern &
Associates recently told me... This trend is apparent at firms that
negotiate deals with research providers but historically haven’t
passed along discounts they received to their clients, sometimes as a
means to collect on other, nonbillable items, Mattern added.
Mattern's firm’s 2012
Cost Recovery survey reported an influx of firms with clients who
either balked
at or outright refused to pay for legal research. While some
firms have adopted policies to charge clients only the hard costs
billed to them, others are adding legal research charges to the cost
of doing business. In fact, 43 percent of law firm respondents said
they absorb more of their legal research costs today than in 2010,
according to a recent Bloomberg
Law survey of 97 law firms, ranging from 50 to more than 400
attorneys. And transactional matters are less likely to recover
legal research costs than litigation."