Skip to main content

Privacy Monday: June 9, 2014

Welcome to another week, and our Privacy Monday look at top issues.

California Attorney General Puts the Focus on the Consumer

As we have discussed here, the California Online Privacy Protection Act was amended, effective January 1, 2014 -- and the amendment raised more questions than it answered.  The California Attorney General's office has published a set of guidelines focusing on the CalOPPA amendment and how businesses should focus their privacy and data collection practices on the consumer.  Jake Romero has analyzed the Guidelines what they mean for your privacy practices.   Read it here.

Another Monday, Another Breach: American Express Card Info Reported Leaked by Anonymous Ukraine

Speaking of California, about 77,000 Amex customers in the Golden State have been notified that their information may have been compromised by the Ukraine branch of the hactivist group Anonymous.  According to the May 29th letter to the California Attorney General's office, Amex says it was notified by law enforcement that several large files containing some of its customers' information was posted online.

Read the Los Angeles Times article here  for further details.

And, Yet Another OpenSSL Security Problem

There is apparently another security issue with the wildly popular (and widely-used) open source Secure Socket Layer code, OpenSSL.    You'll recall back in April all the discussion and mad dashes to fix the Heartbleed bug.   Now, there appears to be a "man in the middle" vulnerability in the code that has been around for some 15 years.  According to an article in ZDNet, this MITM vulnerability is not as serious as a Heartbleed attack (to turn a phrase), but attention should still be paid to it and it should be addressed by upgrading as soon as possible.     Read more about the problem in ZDNet's article here and in Wired's article here.

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.