In February, the California Attorney General issued the “California Data Breach Report.” That report contained several recommendations, the most controversial of which related to the Center for Internet Security’s Critical Security Controls (the “CCS”). The report stated that “failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable… Continue Reading