On April 15, 2019, Arkansas Governor Asa Hutchinson signed House Bill 1943 into law (now referred to as Act 1030), amending the Personal Information Protection Act, Arkansas Code § 4-110-101 et seq. Act 1030 expands the definition of “personal information” as used in the Personal Information Protection Act and also introduces key new requirements that relate to data breach notification.
Read more »Data Privacy & Cybersecurity
April 2019
-
Legislative Alert: Arkansas Amends Personal Information Protection Act Posted on: April 29, 2019 In: Data Privacy & Cybersecurity
-
Digital Forensic Experts are a Resource for IT Professionals Posted on: April 23, 2019 In: Data Privacy & Cybersecurity
One of the best qualities an information technology (IT) professional can possess is the tenacity to fully troubleshoot and resolve system issues as they occur. Unfortunately, that same drive and sense of urgency to gather relevant facts and to restore inoperable systems as quickly as possible can create issues for the necessary digital forensic investigations following a data security incident.
Read more »
-
Utah Requires Warrant for Law Enforcement Access to Certain Types of Data Posted on: April 12, 2019 In: Data Privacy & Cybersecurity
On March 27, 2019, Utah Governor Gary Herbert signed House Bill (HB) 57 – known as the Electronic Information or Data Privacy Act – into law, making Utah the first state to protect information that individuals have shared with certain third parties. Among its provisions, HB 57 states that, effective May 14, 2019, law enforcement may not generally obtain certain types of “electronic information or data” for use in a criminal investigation or prosecution without first obtaining a search warrant.
Read more »
-
Virginia & Utah Amend Data Breach Statutes Posted on: April 09, 2019 In: Data Privacy & Cybersecurity
On March 18, 2019, the commonwealth of Virginia enacted House Bill (HB) 2396, amending the commonwealth’s data breach notification statute. Specifically, HB 2396 expanded the commonwealth’s definition of “personal information” sufficient to trigger a notification obligation following a data security incident. Effective July 1, 2019, “personal information” will be defined to include both passport number and military identification number in addition to those data sets that were previously regulated.
Read more »
-
Improving Your Office365 Security Posture to Stop Phishing at Email’s Shores Posted on: April 03, 2019 In: Data Privacy & Cybersecurity
Phishing attacks and other email compromise schemes are not just an annoyance in the modern workspace. A successful email compromise can allow malicious actors to intrude into an organization’s enterprise email accounts, expose sensitive data contained in users’ inboxes, and give cyber criminals the ability to successfully impersonate an employee to others within and without the organization by using the employee’s own email account.
Read more »
-
The Financial Fraud Kill Chain: Combatting Fraudulent Money Transfers Posted on: April 02, 2019 In: Data Privacy & Cybersecurity
Businesses are constantly targeted by criminals attempting to gain access to information that will allow them to fraudulently divert wire transfers. This often occurs after the criminal has conducted sufficient reconnaissance to determine who likely has an occupational role to approve or initiate wire transfers. The employee will then be targeted – often a financial executive like a Chief Financial Officer – and their email account will be compromised. But this can be prevented.
Read more »