Twitter - 2/2 - Privacy and Information Security Law Blog

Tag Archives: Twitter

Israeli Supervisor of Banks Issues Letter on Social Networking

Posted on August 4, 2010 by Hunton & Williams LLP

Reporting from Israel, legal consultant Dr. Omer Tene writes:

On July 28, 2010, the Israeli Supervisor of Banks, Rony Hizkiyahu, issued a letter to the CEOs of all local banks expressing concern over the banks’ and their employees’ use of online social networks, including both proprietary Web 2.0 tools and networking sites such as Facebook, Twitter, LinkedIn, MySpace and YouTube, all of which are explicitly referred to in the letter. The Supervisor of Banks, Israel’s banking regulator, requires banks to take steps to ensure data protection and information security, including having outside experts perform risk assessments, creating and enforcing policies for use of social networking tools as well as guidelines and procedures for implementation and audit, and devising a data security strategy to address increased risks to employee and customer data. These instructions are in addition to the Supervisor of Banks Proper Conduct of Banking Business Regulation No. 357, Information Technology Management, as well as applicable data protection law and regulations.

View the Supervisor of Banks’ letter (in Hebrew).

Tags: Facebook, Israel, LinkedIn, MySpace, Omer Tene, Social Media, Twitter, YouTube

Twitter Settles FTC Data Security Charges

Posted on June 24, 2010 by Hunton & Williams LLP

Twitter has agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard their personal information. The charges stem from alleged lapses in the company’s data security that permitted hackers to access tweets that users had designated as private and to issue phony tweets from the accounts of some users, including then-President-elect Barack Obama. According to the FTC’s complaint (main document, exhibits), these attacks on Twitter’s system were possible due to a failure to implement reasonable safeguards, including:

requiring employees to use hard-to-guess administrative passwords that are not used for other programs, websites or networks;
prohibiting employees from storing administrative passwords in plain text within their personal email accounts;
suspending or disabling administrative passwords after a reasonable number of unsuccessful login attempts;
providing an administrative login webpage that is made known only to authorized persons and is separate from the login page for users;
enforcing periodic changes of administrative passwords by, for example, setting them to expire every 90 days;
restricting access to administrative controls to employees whose jobs required it; and
imposing other reasonable restrictions on administrative access, such as by restricting access to specified IP addresses.

The proposed settlement agreement contains a consent order requiring Twitter to implement data security safeguards and submit to periodic independent security audits. The FTC’s press release contains more details.

Tags: Consent Order, Consumer Protection, Federal Trade Commission, IP Address, Social Media, Twitter

Privacy and Information Security Law Blog - Global privacy and information security law updates and analysis

Tag Archives: Twitter

Published By Hunton & Williams

Search

Subscribe

Topics

Recent Updates

Blogroll

Privacy News