Why We Have Breach Notification All Wrong

The recent $10 million settlement of the Target data breach demonstrates why we have data breach notification all wrong. We use data breach notification as a means to punish companies that have suffered a data breach.  We treat companies like Target, Home Depot, Anthem and Premera as criminals and tortfeasors; we demand that they pay…

Your Facebook Profile Can Get You Banned from the Mall

Think of Paul Blart, Mall Cop going undercover and online. In Bloomington, Minnesota, is a small city dedicated to capitalism. It’s the Mall of America, with more than 500 stores and 2.5 million square feet of retail space. It has a Nickelodeon-themed theme park, an underwater adventures aquarium, a wedding chapel, a flight simulator,…

Five Myths About the Hillary Email “Scandal”

There has been a lot of information – and misinformation – floating around the Interwebs about the fact that Hillary Clinton, as Secretary of State, exclusively used a personal email address linked to a “homebrew” server. Partisans on both sides have spread much of this misinformation.  Based on what we now know (and the situation can…

Hillary, Email and the Problems With Policy

Some years ago, I was sitting in a whirlpool at a health club and I noticed a printed sign above the whirlpool that noted, “Do Not Clip Toenails in the Whirlpool.” Gross. My first reaction was, “why exactly was that sign necessary?” My second reaction was, “hmm... so if that is prohibited, by implication, what…

Hillary Mail – Unanswered Questions

In the Oscar-nominated movie “Whiplash,” J.K. Simmons’ character, music teacher Terence Fletcher, says, “There are no two words in the English language more harmful than ‘good job.’” I think that at her press conference on March 10, former Secretary of State Hillary Clinton found two more harmful words. “It’s secure.” For those who have…

Run From the Border – CISOs, Employee Devices and Border Crossings

Data tends to move from place to place. That’s kind of the point. But when it does travel, sometimes the government wants to take a peek. Any government. A recent case out of Canada demonstrates that not letting the government take a peek can land you in jail. And that’s bad for CISOs trying to…
