An update.
Norsk Hydro Delays Financial Report Due to Cyberattack
Norwegian aluminum giant Norsk Hydro last week announced that its financial report for the first quarter of 2019 will be delayed by over one month due to the recent cyberattack that caused significant disruptions to the company’s operations.
The company has been transparent regarding the impact of the cyberattack, but it could not share too many technical details due to the ongoing law enforcement investigation. It revealed recently that the incident had caused losses of up to $41 million in the first week after the intrusion was uncovered.
File this under “less than adequate response?”
On April 5, Metrocare Services in Texas notified HHS that it was notifying 5,290 clients of a breach. A notice on their web site explains:
On February 6, 2019, we learned an unauthorized third party gained access into some Metrocare employees’ email accounts beginning on January 2019. We immediately took steps to secure the accounts and began an investigation. The investigation determined the unauthorized access occurred and could not rule out whether emails containing individuals’ information were accessed by the third party. We determined information of some individuals were in the affected email accounts, and may have included individuals’ names, dates of birth, health insurance information, driver’s license information, health information related to services received connected to Metrocare, and in some cases, Social Security numbers.
You can read the full notice on their site, which includes steps they have taken to prevent a recurrence. It’s a shame they didn’t take all of these steps in November, 2018 when they had what sounds like an identical breach, but did not follow up by implementing multifactor authentication. At that time, they wrote:
To help prevent something like this from happening in the future, Metrocare is taking steps to add additional security measures to its current information technology infrastructure, including strengthening its email system, and providing additional information security training to its employees.
That incident has no closing summary on HHS’s public breach, so it may still be under investigation.
This time, they write:
To help prevent something like this from happening in the future, we are taking steps to add additional security measures to our current information technology infrastructure, including strengthening the security of our e-mail system and have implemented multi-factor authentication on its email systems.
The breach in 2018 affected more than 1,800 patients. The more recent breach, which was also discovered within a month after it started, affected more than 5,200 patients. Will OCR find Metrocare’s actions reasonable? And what happens if this happens again?
More concerns.
GDPR, CCPA, LGDP and More: Staying Afloat in the Sea of Global Privacy Regulations
The global privacy legislation landscape continues to be a complex sea to navigate. To date we have seen 117 omnibus laws (GDPR) and another 28 sectoral laws (CCPA) come into play. We are expecting more amendments to the CCPA and LGDP, and there seems to be no end in sight to countries and regions bringing their own legislation into effect over the coming months.
(Related)
The EDPB’s Narrow View of Contractual Necessity
… According to the EDPB, processing must be necessary for the particular contract at issue to be carried out.
(Related)
Thank you Harvard! A new term and the need for Privacy Audits.
Don’t Acquire a Company Until You Evaluate Its Data Security
When Marriott International acquired Starwood in 2016 for $13.6 billion, neither company was aware of a cyber-attack on Starwood’s reservation system that dated back to 2014. The breach, which exposed the sensitive personal data of nearly 500 million Starwood customers, is a perfect example of what we call a “data lemon” — a concept drawn from economist George Akerlof’s work on information asymmetries and the “lemons” problem. Akerlof’s insight was that a buyer does not know the quality of a product being offered by a seller, so the buyer risks purchasing a lemon — think of cars.
We are extending that concept to M&A activity. In any transaction between an acquiring company and a target company (seller), there is asymmetric information about the target’s quality. While managers have long understood this concept, recent events shed light on an emerging nuance in M&A — that of the data lemon. That is, a target’s quality may be linked to the strength of its cybersecurity and its compliance with data privacy regulation. When an acquirer does not protect itself against a data lemon and seek sufficient information about the target’s data privacy and security compliance, the acquirer may be left with a data lemon — a security breach, for example — and resulting government penalties, along with brand damage and loss of trust.
Will the survey show that Facebook is bad or that its users are ignorant? How would you run this survey?
State Launches Online Data Survey as Part of Facebook Probe
Democratic Gov. Andrew Cuomo announced Tuesday that information provided through an online consumer data privacy survey will help state regulators make policy decisions regarding the internet marketplace and how personal data is used by companies.
… Among the questions on the state survey are how many smart devices are in a respondent’s household and whether they know how to access privacy settings.
Sounds like they suspect a source of bias…
The artificial intelligence field is too white and too male, researchers say
The artificial intelligence industry is facing a “diversity crisis,” researchers from the AI Now Institute said in a report released today, raising key questions about the direction of the field.
Women and people of color are deeply underrepresented, the report found, noting studies finding that about 80 percent of AI professors are men, while just 15 percent of AI research staff at Facebook and 10 percent at Google are women.
(Related)
Sometimes you need bias.
Uber launched a Saudi Arabia-only feature that lets female drivers avoid taking male passengers
Because it impacts everything?
The Consumer Protection Ecosystem: Law, Norms, and Technology
Bradley, Christopher G., The Consumer Protection Ecosystem: Law, Norms, and Technology (March 8, 2019). Denver Law Review, Vol. 97, 2019. Available at SSRN: https://ssrn.com/abstract=3349190 or http://dx.doi.org/10.2139/ssrn.3349190
“Consumer law provokes fierce policy debate on issues from identity theft to online privacy, from arbitration clauses and class action lawsuits to Americans’ accumulation of debt and the unsavory practices sometimes used to collect. Pervasive technology in every aspect of consumer transacting has opened up many new fronts in these battles. Scholars, policymakers, and advocates have responded in kind, devoting increased energy to this area of law, which affects every single one of us, every single day. Despite its prominence, however, confusion persists regarding what consumer protection really is or does. The realities of social and technological change have not been integrated into legal analyses of consumer transactions.
This Article constructs a novel and comprehensive model of the consumer protection ecosystem by contextualizing purely legal constraints amid the other realities of commercial relationships. Drawing on scholarship in the areas of technology, social change, and the law, the model lays out three basic types of constraints on the activities of participants in consumer commercial transactions: legal, technical, and social constraints. This model provides a basis for exploring how those constraints interact and shape behavior.
The model has significant ramifications for scholars, policymakers, and advocates. The model underscores why the area of consumer-facing commerce defies one-size-fits-all solutions; instead, it demands refined and layered consideration of consumers, merchants, and the commercial relationships they pursue, as well as the changes in the social and technological contexts of those relationships. This Article’s model provides a framework for that future research and debate.”
Simple, free, useful? Do you have an old spreadsheet lying around?
Glide - Make Your Own App by Just Making a Spreadsheet
Glide is an amazing free tool that I featured in a presentation during yesterday's TLA Tech Glamp. Glide enables anyone who can make a spreadsheet in Google Sheets to create his or her own mobile app. If that sounds simple, that's because it is just that simple. The headers that you put into your spreadsheet and the data that you enter into your spreadsheet is used by Glide to generate a mobile app for you that will work on Android and iOS devices.
To get started making your first app with Glide you will need to create a spreadsheet in Google Sheets. Your spreadsheet's column headers are what will become the sections of your app. The information that you enter into your spreadsheet's columns is what will be displayed within each section of your app. You can include links to videos, images, and maps in your spreadsheet and those items will be included in your app too.
After you have created your spreadsheet in Google Sheets, go to Glideapps.com and connect to your Google account. That connection will allow you to import your Google Sheet. Once your spreadsheet is imported you will be able to see a preview of your app. You can change the layout and color scheme of your app in the Glide editor. When you're happy with how it looks, hit the share button to publish your app for others to see. You can share your app publicly via QR code and public URL or you can share your app privately via email.
For my geeks.
10 Algorithms Every Machine Learning Enthusiast Should Know