The market and the government need to move beyond just punishing corporations after major cybersecurity failures to steer them instead toward proactive and comprehensive cyber risk management.
Latest in data breach
Companies holding sensitive personal information on individuals have little incentive to improve their cybersecurity postures. Congress needs to act.
The Equifax breach raises questions about the duty of care with respect to special relationships and statutes as the basis for a claim.
Surviving standing in a data-breach lawsuit.
The Cal State case highlights risks faced by academic institutions and nearly any other large organization that relies on vendors to provide services.
The FTC now owns cybersecurity in the private sector. Which is an odd result.
Such is the gist of a three-judge panel's quite important opinion, affirming the denial of a motion to dismiss in Federal Trade Commission v. Wyndham Worldwide Corporation et al.
Query how much this precedent, regarding the government's own cyber enforcement powers, might bolster private efforts to hold the government to account for its own data security problems.