Privacy & Data Security

The French  National Agency for Safety of Medicines and Health Products (Agence nationale de sécurité du médicament et des produits de santé or ANSM) has announced on its website in October 2017 the  creation of a  “temporary specialized scientific committee” (comité scientifique spécialisé temporaire CSST) on the cybersecurity of medical device software. View Full Post
On November 15, 2017, the Trump administration released the Vulnerabilities Equities Policy and Process. This documents describes the process by which U.S. agencies and departments determine whether to disclose or restrict information on vulnerabilities in information systems and technologies. The Vulnerabilities Equities Process (VEP) balances whether to disclose vulnerability information to the vendor or supplier in the expectation that the vulnerability will be fixed or to temporarily restrict disclosure of the information so that it can be used for national security and/or law enforcement purposes. View Full Post
Security researcher Chris Vickery has confirmed that web-monitoring data from the Department of Defense (DOD) was exposed through Amazon Web Services by the way the DOD configured access by authorized users. According to Vickery, anyone with a free AWS account had access to the DOD information, which included 1.8 billion internet posts that had been scraped from publicly available sites, including information about guns, scam alert websites and forums that contained offensive content. View Full Post
The Consumer and Governmental Affairs Bureau of the Federal Communications Commission (FCC) is asking for comments on a petition filed by the Federal Housing Finance Agency (FHFA) requesting clarification or a declaratory ruling under the Telephone Consumer Protection Act (TCPA) as to communications from mortgage servicers to borrowers affected by natural disasters. View Full Post