NEW PRIVACY LAWS AFFECT BUSINESS TODAY

The Washington State Legislature will likely pass a very strong consumer data privacy law. As many of you know, California has already taken the first step, with clear language dictating that businesses must change the manner in which consumer data is managed and protected. That legislation is called the California Consumer Privacy Act (CCPA). Many other states are working on legislation this year similar to the CCPA and/or GDPR.

Under California’s current law and Washington’s new law, consumers have the following rights:

  • Personal Information Rights
    • Requiring business not to sell their personal data
    • Requiring opt-in rather than opt-out practices
  • Right to be Forgotten
    • A consumer can require a business to permanently remove any and all personal information
  • Right to Know
    • Disclosure by a company to a person of what personal information exists and how it is used
  • Right to equal service and price
    • Consumers will have the right to object to any profiling, direct marketing and statistical research on current or historical consumer data. This includes clear restrictions on any discriminatory actions by a company against consumers who wish to exercise their right to privacy.


In our discussions with policy makers, Washington state as well as other states will have adopted very strong data privacy laws that protect consumers. We encourage businesses to begin considering how to accommodate these near-term changes.


Cyber Security: A Process Primer

Without question, we are seeing security become top of mind for leadership. Many organizations are becoming fearful of the almost certain prospect that they will become victims of a data breach and/or ransomware in the near future. More than ever, firms need to take an offensive position and actively secure their organizations. The first step is knowledge.

Here is a primer for developing and managing a Cyber Security process to help you and your firm become more secure. This is a straightforward process we use at Ascension to help companies achieve high levels of security compliance.

Ascension Cyber Security Process

Unfortunately, after a breach, leaders call us to help them recover. I hear many of them say:

“What really happened? Are we responsible? Why did I get targeted?”

Please feel free to call and ask any and all questions you may have regarding Cyber Security.

Paul Scott 425-750-0760 paul@ascension-tg.com

Industrial Systems Vulnerable to Hackers!

SecurityWeek, a well-respected online news service, announced that “Several major industrial and automation solutions providers have issued advisories in response to the recently disclosed Wind River VxWorks vulnerabilities dubbed Urgent/11.”

It is reported that companies with systems from the following have issued notices and/or advisories regarding this Zero Day vulnerability.

At Ascension, we are working to ensure that we and our clients are protecting both corporate and individual data. Again, I think we need to ask ourselves: are we doing enough for our systems and the persons affected? Please ponder this question and feel free to call or comment. Thank you.

Capital One Data Breach…Who’s protecting your wallet?

As I was reading my Wall Street Journal online this evening, I could see that data breach concerns are becoming louder this year than at any time in the past. In an article, “Capital One Cyber Staff Raised Concerns Before Hack” (1), the authors shared indications that before the Capital One data breach, there were a number of concerns voiced by staff and others, including issues such as high staff turnover, even at the top levels of the organization. Also, improper or possibly negligent configurations of security-related software were slow to be implemented. Capital One’s slogan is “What’s in your wallet?” It’s catchy! However, I think we all wish that the data in our wallets would stay in our wallets!

At Ascension, we find new clients sharing similar issues or concerns. CyberSecurity is not easy nor is it sexy. However, in today’s world, CyberSecurity and Privacy are now a cost of doing business for almost any endeavor. Leadership and technical staff alike need to focus reasonable and consistent energy on CyberSecurity for the security of their respective customers. Security Assessments are essential to understanding the problem.

Assessment is the first step in understanding how your company fares with regard to CyberSecurity and Privacy. Feel free to comment on whether you believe assessments are helpful.

Good Day, Paul

Citations:

(1) Andriotis, AnnaMaria, and Rachel Louise Ensign. “Capital One Cyber Staff Raised Concerns Before Hack.” Wall Street Journal, Aug. 2019, https://www.wsj.com/articles/capital-one-cyber-staff-raised-concerns-before-hack-11565906781?mod=djemalertNEWS

The plot thickens — Not just Capital One Breached, possibly 30 more companies breached.

It appears that prosecutors have stated that the Seattle employee arrested for the Capital One 106 million user breach also “include(s) not only data stolen from Capital One, but also multiple terabytes of data stolen by Thompson from more than 30 other companies, educational institutions, and other entities.”

GeekWire, which has done a stellar job of coverage, uploaded a copy of the United States’ Memorandum in Support of Motion for Detention filed on the 13th of this month. See https://www.scribd.com/document/421871863/Aug-13-memorandum-for-Paige-Thompson-case

As I stated last week, “Estimating the cost to the company is typically at least $100 to $150 per user; it would be easy to estimate the initial cost to Capital One will be well over $100M, and most likely upward of $200M, when you factor in all the internal remediations and legal costs that are never recovered by any company.” Now, with 30 possible other companies breached, the businesses may be forced to pay over 500 million or more.

Are you responsible…

Are we really protecting our company’s and customer’s data?

A movie called “The Great Hack,” directed by Noujaim & Amer, was just released on Netflix. This movie describes how Cambridge Analytica was able to change the outcomes of elections here and abroad. As I watched the movie, I was first taken by the right vs. left political commentary, finding myself riled up, like most of us concerned with the divisive nature of politics in America today.

However, as I listened to the journalist from the UK publication The Guardian, I began to recognize the deeper and far more insidious consequence. The real issue is protecting personal data from nefarious uses against the persons themselves. What companies like Cambridge Analytica did and do is exploit user data against the persons themselves. Brittany Kaiser of Cambridge Analytica spoke plainly, stating that firms like hers used people’s personal data, targeted against that person, to change their personal views without their knowledge, understanding or consent. She called it “Weapons Grade Communications.” Wow!

This movie, coupled with the recent $5 billion fine levied against Facebook, has many of us asking the important question: Am I really protecting my company’s customers’ data appropriately?

At Ascension, we are working daily to make sure we and our clients are protecting both corporate and individual data in an appropriate manner. Lately, many of our new clients are asking themselves, “Are we really protecting our company’s and customer’s data?”

I would ask you: “Are you responsible… and if so, what are you going to do about it?”

Thank you for listening to my opinions. Paul Scott

Apple CEO declares “Our own information…is being weaponized against us with military efficiency!”

The Wall Street Journal is reporting that Apple CEO Tim Cook stated, “Our own information—from the everyday to the deeply personal—is being weaponized against us with military efficiency,” Mr. Cook said. “Today, that trade has exploded into a data-industrial complex.”*

Washington’s small to mid-size businesses are not the “data-industrial complex.” However, we can expect strong reactions from state and federal legislators, demanding that businesses, small to large, implement much stronger defenses to protect personal data. Also, we shall see tighter prohibitions regarding the collection of personal data. I understand and agree to some extent!

More and more, we are finding leaders beginning to improve security and privacy as a matter of business cost control, not as a means of compliance. It is better to make effective, measured improvements over time, rather than get forced by legislation to make significant changes driven by an arbitrary compliance date.

I was personally involved with knee-jerk legislation when the Sarbanes-Oxley Act was enacted into law. Many of us (attorneys, auditors, business colleagues) were all looking at each other, trying desperately to interpret the law. We were also realizing the powerful consequences if we did not meet the regulatory requirements on time. Tough times. The company I was working with at the time spent millions over that year, just to produce a report with two signatures. Huh!

Please feel free to comment or call me.

Paul Scott

(425) 750-0760

 

 

* https://www.wsj.com/articles/apple-ceo-tim-cook-calls-for-comprehensive-u-s-privacy-law-1540375675