Ramyar Daneshgar - CybersecurityAttorney.com (Page 4)

SOC 2 Compliance Explained: What It Is, Why It Matters, and How to Pass the Audit

By Ramyar Daneshgar Security Engineer | USC Viterbi School of Engineering Disclaimer: This article is for educational purposes only and does not constitute legal advice. What is SOC 2? SOC 2 stands for System and Organization Controls 2, a compliance framework developed by the American Institute of Certified Public Accountants (AICPA)

Case Study: BetterHelp - How Behavioral Advertising Mistake Costed $7.8M in FTC Fine

By Ramyar Daneshgar Security Engineer | USC Viterbi School of Engineering Disclaimer: This article is for educational purposes only and does not constitute legal advice. In March 2023, the Federal Trade Commission (FTC) finalized a $7.8 million enforcement action against BetterHelp, a prominent online mental health platform. This case reveals

How to Audit a Client’s Privacy Notice Like a Regulator Would

By Ramyar Daneshgar Security Engineer | USC Viterbi School of Engineering Disclaimer: This article is for educational purposes only and does not constitute legal advice. In the eyes of the Federal Trade Commission (FTC) and California Privacy Protection Agency (CPPA), a privacy notice is a public declaration about how a company

Shopify Merchants Lose $20 billion Due This One Risk - Here's How You Can Detect, Combat, & Prevent It

By Ramyar Daneshgar Security Engineer | USC Viterbi School of Engineering Disclaimer: This article is for educational purposes only and does not constitute legal advice. As cybersecurity professionals, it is crucial to advise your Shopify Merchant clients on how to protect their businesses from social engineering attacks, especially phishing scams. These

Case Study: How a Few Lines of Meta Pixel JavaScript Exposed Millions of Patient Records

By Ramyar Daneshgar Security Engineer | USC Viterbi School of Engineering Disclaimer: This article is for educational purposes only and does not constitute legal advice. Introduction Over the past two years, major healthcare providers in the U.S. embedded Meta Pixel - a tracking tool by Facebook - into their patient

Expansion of ICTS Supply Chain Regulations by the Department of Commerce

By Ramyar Daneshgar Security Engineer | USC Viterbi School of Engineering Disclaimer: This article is for educational purposes only and does not constitute legal advice. The U.S. Department of Commerce has significantly expanded its regulations under the Information and Communications Technology and Services (ICTS) supply chain rules, which are designed

Dark Patterns in Cookie Banners: The Overlooked Compliance Risk Facing U.S. Businesses

By Ramyar Daneshgar Security Engineer | USC Viterbi School of Engineering Disclaimer: This article is for educational purposes only and does not constitute legal advice. What Are Dark Patterns in Cookie Banners? Dark patterns are deceptive or manipulative user interface (UI) and user experience (UX) design choices that interfere with a

Case Study: Capital One vs. the Cloud: How One Misstep Triggered $190M in Settlements

By Ramyar Daneshgar Security Engineer | USC Viterbi School of Engineering Disclaimer: This article is for educational purposes only and does not constitute legal advice. Overview In 2019, Capital One experienced one of the most significant data breaches in U.S. financial sector history. Over 106 million individuals were affected, with

Are Your Cyber Risk Assessments Legally Defensible? Here’s How to Make Sure

By Ramyar Daneshgar Security Engineer | USC Viterbi School of Engineering Looking for a security engineer? Visit SecurityEngineer.com Disclaimer: This article is for educational purposes only and does not constitute legal advice. Introduction Most organizations today conduct cyber risk assessments to satisfy frameworks like NIST, ISO, or SOC 2. However,

Case Study: Inside the 23andMe Breach - What Happens When Your Genetic Data Isn’t Private

By Ramyar Daneshgar Security Engineer | USC Viterbi School of Engineering Disclaimer: This article is for educational purposes only and does not constitute legal advice. Executive Summary In late 2023, consumer genetics company 23andMe suffered a significant data breach affecting the genetic and personal data of nearly 7 million users. The

The Ownership Dilemma: What U.S. Law Says About AI-Generated Works

By Ramyar Daneshgar Security Engineer | USC Viterbi School of Engineering Disclaimer: This article is for educational purposes only and does not constitute legal advice. Executive Summary As generative AI becomes more deeply embedded in content creation, questions around intellectual property ownership grow more urgent. Under U.S. law, copyright protection

Case Study: Bank of America Breach - How a Vendor Mishap Exposed Millions of Customers’ Sensitive Data

By Ramyar Daneshgar Security Engineer | USC Viterbi School of Engineering Disclaimer: This article is for educational purposes only and does not constitute legal advice. 1. Overview In late December 2024, Bank of America experienced a significant data breach stemming from a third‑party vendor failure. A document destruction contractor, responsible