A Q&A with James Prendergast and Chris DiIenno of Nelson, Levine, De Luca and Hamilton
First put into effect in 2000, the Children’s Online Privacy Protection Act (COPPA) was designed to protect the PII of children under age 13 online. In July, 2013, the regulation was revised to address more recent ways that children use the internet—namely, through social networking, apps and mobile devices. To better grasp the new amendment’s implications for businesses that collect the PII of children online, I talked to Jim Prendergast and Chris DiIenno, partners in the Privacy and Data Security Group at Nelson Levine De Luca and Hamilton, LLC.

A Q&A with Christopher Pogue of Trustwave
The Payment Card Industry’s Data Security Standard (PCI DSS) has been in place for a long time. Yet we keep hearing about breaches at PCI-compliant organizations. To learn why that is and what companies can do to better protect themselves, we spoke to Christopher Pogue, CISSP, CEH, CREA, GCFA, QSA, a director at Trustwave’s SpiderLabs.

Reprinted with permission from HB Litigation.
Have you ever wondered why the same advertisement seems to be following you around the Internet?  Toby Merrill of ACE Professional Risk attributes this phenomenon to the increased use of data analytics by advertisement companies.  Data analytics is being used to track online users’ preferences so that companies can specifically target users with advertisements that match their interests.  This type of data collection has led to the hot-button issues of whether companies are infringing on their customers’ privacy rights and whether this data is being wrongfully collected.

DDoS (distributed denial of service) attacks are a major threat and risk exposure facing any business with an internet-facing server. They can be especially devastating to companies that primarily conduct sales through the internet, resulting in a network crash that can disrupt business and diminish profits and cause irreparable damage to a brand. Research firm the Yankee Group estimates that an average size company ($10 million in annual revenue) can lose $150,000 in a successful DDoS attack. I spoke with Jag Bains, CTO of DOSarrest in Vancouver, Canada, about the very real threat of DDoS and how organizations can mitigate their exposure to these attacks.

A Q&A with Christopher Watson
The IRS Safeguards Program was designed to ensure that federal, state and local agencies properly protect federal tax information, and the requirements cover computer security, among other things. I spoke with Christopher Watson, senior manager of internal audit and risk advisory services at Schneider Downs & Co. in Columbus, OH, to find out more about the Program and what it entails.

A Q&A with Grayson Lenik
The retail industry is now the top target for cybercriminals, according to the 2013 Trustwave Global Security Report, and payment card data (PCI) is a critical area of concern. Yet many businesses, especially smaller retailers, are still unaware of basic PCI requirements. I asked Grayson Lenik, senior security consultant at Trustwave, for an overview of what small merchants need to know.

A Q&A with Nathan Steuer and Peter Coddington
Mobile devices are essentially computers that can go anywhere the employee goes. While these devices enable powerful computing capabilities, they are also easily lost and left unprotected, creating additional data security risks for organizations that use them. I asked Nathan Steuer, business development director, and Peter Coddington, CEO of PaRaBal, Inc., in Catonsville, MD, about limiting the vulnerabilities of mobile devices.

A Q&A with Ryan Kriger
Among state Attorneys General, Vermont has gained a reputation for being particularly aggressive about data breach and privacy regulation. To better understand the state’s Consumer Protection Act requirements and processes for data breach investigation, I talked to Ryan Kriger, Assistant Attorney General.

A Q&A with Kenneth Levine
Subrogation is an emerging topic in cyber liability insurance, as insurance companies are starting to pursue compensation from any third parties that can be held responsible for a data breach. To get a better handle on the current reality of subrogation in this area, I spoke to Kenneth Levine, partner at Nelson, Levine, de Luca & Hamilton, LLC.