1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Judge applies common sense to question of what constitutes a data breach

Discussion in 'CSO' started by RSS, Dec 1, 2015.

  1. RSS

    RSS New Member Member

    Enterprise security is a frustrating game, because IT winning 99.9% of the time isn’t enough. One lucky cyberthief or one careless employee — something completely beyond your control — can cause a data breach, a failure that will stay on your résumé forever. But a small dose of sanity emerged on Nov. 13 when a federal judge ruled that a data breach needs to have actual victims, not merely hypothetical ones.

    The ruling, by D. Michael Chappell, the chief administrative law judge for the U.S. Federal Trade Commission (FTC), threw out an FTC complaint against a cancer research lab called LabMD. The matter involved a LabMD employee who violated company policies and downloaded P2P software, inadvertently exposing sensitive patient information on a file-sharing network. The breach, however, was detected and shut down before anyone on the outside saw that information, and no one ever accessed the sensitive data.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page