Yesterday TARGET announced that the hackers who committed the breach that has potentially affected as many as 110 million customers gained access to its systems through one of its vendors. Although the details are still emerging as the forensic investigation continues, this early report is a reminder that your vendors can be a potential source

In the aftermath of the TARGET breach announced last month, there has been much talk of how to respond to large-scale breaches of this type.  Lawmakers are eager to write legislation to increase the FTC’s enforcement powers and create a national breach notification standard.  But if the congressional response focuses entirely on breach notification and

Officials in the EU often deride the lack of a national data protection authority in the US. It is absurd to suggest that the existence of a national DPA is itself a litmus test for a country’s commitment to privacy protection. Indeed, I would put the US system of constitutional checks and balances and sectoral

All too often, companies that have been victimized by data breaches are being blamed by regulators and class action lawyers for not doing more to prevent the breaches. Now more than ever, companies need to move proactively to manage their risks of a breach, before the breach occurs. Corporate Counsel has published my article on

In the wake of the leaks about the NSA’s PRISM program and domestic data collection activities, EU officials have, quite predictably, raised alarms that the NSA’s programs pose a grave threat to the privacy of EU citizens. In recent days, European Parliament members have been quoted as calling the NSA programs “shocking” and tantamount to