REDLEGG BLOG

News Roundup From A CISO

9/9/20 8:00 AM  |  by RedLegg Blog

Whether your organization has a CISO or someone looking after CISO-level responsibilities, we've provided a few news items that caught the attention of our own advisor, Andrey. 

RedLegg's Critical Vulnerabilities Bulletin

We're posting our latest critical vulnerability bulletins to our site. Make sure to subscribe via the link below in order to receive an email when our latest bulletin is available.

Get the latest list of vulnerabilities.

 

"Europe Cookie Law Comparison Tool Launched."

"Global law firm Dentons has created a free tool to help users understand their obligations regarding the use of internet cookies across 28 European countries."

Read more from Infosecurity Magazine.

 

"Official 2020 HIPAA Compliance Checklist."

From the HIPAA Journal itself, get the lowdown on 2020 while refreshing your sense of the rules and safeguards.

Read more from CSOOnline.

 

"Voice Phishers Targeted Company VPNs."

Krebs On Security and Wired both cover the rise of "phone spear phishing" campaigns.

Read more from Krebs On Security.

Read "The Attack That Broke Twitter Is Hitting Dozens Of Companies" on Wired.

 

"Historical Chart of Privacy Laws in the United States."

Andrey says, "As a part of RedLegg Advisory privacy work, I was looking into the history of privacy regulations in the US and stumbled upon this publication. It is from 2003 and does not cover CCPA and NY Shield, but still provides some great historic perspective."

Read more.

 

"Applying the CCPA to Health Care: The HIPAA Exemption, Exercise Apps, and Marketing Data."

"Despite its breadth, California's new privacy law, the California Consumer Privacy Act (CCPA), creates an exemption designed around the federal Health Insurance Portability and Accountability Act (HIPAA)."

An interesting crux.

Read more from Carlton Fields.

 

"Privacy FAQs: Are work email addresses and business contact information governed by the CCPA?"

Andrey says, "Is business contact information covered by CCPA?

As the CCPA personal information definition includes 'professional and employment information', according to David Zetoony at Bryan Cave Leighton Paisner LLP:

'The net result is that work email addresses that contain an employee’s name or business contact information, such as the employee’s name, job title, company, business address, work phone number, etc. are arguably covered within the definition of “personal information.” In contrast, generic business names, business addresses, generic email addresses or any other general business information, as long as the information has not been linked to an individual, are arguably not covered within the definition. So, for example, “John.Smith@acme.com” would most likely be considered “personal information” governed by the CCPA whereas “contact@acme.com” would not, even if the latter is used by the same employee to communicate with the public.'"

Read more from BCLP Law.

