Resources
Privacy | Legislation | Breaches | Identity Theft
Privacy
The Imporance of Human Resources and Data Privacy
Philip Gordon , June 11, 2008
Stanford University recently loss of up to 72,000 employee records. Human resource managers have to enforce employee data protection and privacy.
Story Link
WhitePages.com Grapples with Privacy
Steven J. Vaughan-Nichols, May 16, 2008
WhitePages.com founder and CEO Alex Algard has said that the company would start adding features to let people edit or hide portions of their directory information.
Story Link
Outrage in UK over staff blacklisting database
Niall Byrne, May 12, 2008
Last week the announcement that several UK retailers were collaborating on compiling a database of employees dismissed over suspicion of theft or fraud caused furore amongst the public, trade unions and civil liberties groups.
Story Link
Benefits of personal health records will eclipse privacy concerns
Jay Cline, May 7, 2008
In five years, the privacy debate over personal health records will be over, and you and I will be storing our medical records at a central location. Why? Because the benefits of better care and less paperwork will outweigh our current fears about breaches and inappropriate data-sharing.
Story Link
Planning a company social network? Don’t forget privacy issues
Jay Cline, April 10, 2008
Large corporations seem to be tripping over themselves in their rush to tap into the social networking phenomenon by deploying their own versions of online user communities. But by trying to shoehorn this generation’s Woodstock into a corporate wingtip, they may be assuming risks that even the best social networks haven’t fully addressed.
Story Link
Canadian Firms Putting a Lock on Data Privacy
Joanna Pachner, April 9, 2008
Last year, when Canadian Imperial Bank of Commercesubsidiary Talvest Mutual Funds was forced by the federal privacy commissioner to reveal it had lost a file containing confidential information on almost half a million clients, Jeff Green must have felt a shudder of sympathy mixed with schadenfreude.
Story Link
Professors Have Access to Student Financial Records
Angela Henderson, April 9, 2008
When Kyle Jepson walked into her playwriting class last year, she expected the usual syllabus-and-roll-call first day. She did not expect the professor to announce her unpaid fees to the entire class.
Story Link
Data Privacy in Minnesota
Bob Collins, Minnesota Public Radio, January 4, 2008
“Minnesotans should not have to worry about government sharing their personal data without their consent,” Governor Tim Pawlenty said in announcing a series of legislative initiatives nearly two years ago to tighten data security in the state.
Story Link
Mind the GAPP: Accountants bring GAAP-like principles to the privacy sphere
Jay Cline, December 06, 2007
If you haven’t heard of the Generally Accepted Privacy Principles (GAPP), take stock: They’re likely to become the most important new source of requirements for your IT projects since Y2k and Sarbanes-Oxley. Why is this? The accounting industry has closed ranks around the idea that the GAPP is the best international framework for assessing the privacy health of an organization. So when it comes to IT projects, any system or related business process touching personal data will have new rules to play by.
Story Link
Voter Privacy Is Gone - Get Over It
Kim Zetter, January 31, 2008
A voter registration data broker named Aristotle buys voter registration lists from counties and states. It then combines that information with highly personal and detailed information about voters that it mines from various other sources before reselling the data to candidates, political operatives, and commercial entities.
Story Link
Legislation
CT Governor Signs Bill to Safeguard Personal Data
Government Technology, Jun 11, 2008
“Identity theft has become one of the most frightening non-violent crimes of the 21st century and has become all too common,” Governor Rell said. “Now Social Security numbers — and all similar information — must be safeguarded much more carefully.”
Story Link
Governor Lingle Signs Bill to Protect Hawaii Residents Against Identity Theft
Governor's Office, May 21, 2008
Governor Linda Lingle signed into law today a bill (SB3092 SD1 HD1 CD1) to provide Hawaii residents with additional protection against identity theft.
Story Link
New Law to Safeguard Privacy
Ercan Yavuz Ankara , May 5, 2008
A proposal referred to Parliament this week seeks to introduce provisions to safeguard the right to privacy. The bill on protection of personal data is a legal arrangement complementing a proposal referred to Parliament about two weeks ago regulating state secrets and transparency.
Story Link
Leahy Calls For Privacy Legislation
Kristin Carlson, March 26, 2008
Senator Patrick Leahy, D-Vermont, says several recent security problems prove that new privacy legislation is needed. Leahy points to the security breach at Hannaford Supermarkets, as well as the breach of presidential candidates’ passport information, as reasons for the bill.
Story Link
Google to Push Privacy Initiatives in U.S.
Grant Gross, March 26, 2008
Google is working with other companies to push consumer privacy legislation in Congress and will work with the U.S. Federal Trade Commission to fine-tune online advertising principles the agency proposed in December.
Story Link
New law addresses personal information breaches
Maria Recalde, February 01, 2008
Massachusetts recently became the 39th state to enact a data security breach notification law, the “Breach Notification Law,” to deal with security breaches of personal information of Massachusetts residents. The law applies to any person (i.e., a natural person, corporation, association, partnership or other legal entity) or agency (i.e., any Massachusetts agency, executive office, department, board, commission, bureau, division or authority, or any of its branches, or of any political subdivision) that owns, licenses, maintains or stores data that includes personal information of Massachusetts residents.
Story Link
What California’s New Medical Disclosure Law Means for the Rest of Us
Katherine Walsh, February 7, 2008
A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states, according to two analysts who follow the health-care industry. However, legal experts remain divided on whether the law applies to out-of-state organizations who hold information about Californians.
Story Link
Privacy Bills Move Forward in California
Direct Magazine Online, Feb 7, 2008
Two bills aimed at protecting California residents from identity theft and privacy invasion are making their way through the state legislature. Late last week, the State Senate passed 40-0 SB 612, a measure which would allow identity theft to be prosecuted in the county in which the victim lives, according to State Senator Joe Simitian (D-Palo Alto), the bill’s sponsor.
Story Link
Breaches
Most Data Breaches Discovered Too late
Brad Reed , June 11, 2008
70% of all data breaches are discovered by third parties, such as customers or banks, meaning that most companies have no idea that their data has been compromised until they are alerted by an outside voice.
Story Link
Walter Reed Says Patient Data May Be Compromised
Jennifer C. Kerr, June 2, 2008
Sensitive information on about 1,000 patients at Walter Reed Army Medical Center and other military hospitals was exposed in a security breach, sparking identity theft concerns and an investigation by the Army.
Story Link
Five IRS Employees Charged With Snooping on Tax Returns
Kevin Poulsen, May 13, 2008
Five workers at the IRS Fresno, California, return processing center were charged Monday with computer fraud and unauthorized access to tax return information for allegedly peeking into taxpayers’ files for their own purposes.
Story Link
More tied to UCLA Snooping
Charles Ornstein, May 13, 2008
California health regulators have connected 14 more people affiliated with UCLA Medical Center, including four physicians, to the improper viewing of celebrity medical records, bringing the number of current and former workers apparently implicated in the snooping scandal to 68.
Story Link
6,000 UCSF Patients’ Data Got Put Online
Elizabeth Fernandez, May 2, 2008
Information on thousands of UCSF patients was accessible on the Internet for more than three months last year, a possible violation of federal privacy regulations that might have exposed the patients to medical identity theft, The Chronicle has learned.
Story Link
Half of Businesses Hit by Breaches
Asavin Wattanajantra, April 24, 2008
More than half of businesses have suffered data breaches in the last year, with the law now making encryption a necessity. The use of encryption to comply with privacy and data security regulations had increased from 17 per cent in 2007 to 58 per cent in 2008.
Story Link
LendingTree Discloses Insider Data Breach
Ellen Messmer, April 22, 2008
The Web-based lending exchange says several former employees illicitly helped a handful of mortgage lenders gain access to customer data.
Story Link
Data Security Top Tech Issue for Colleges
Marisol Bello, March 20, 2008
A computer break-in at Harvard University highlights the growing challenges the nation’s colleges and universities face in trying to safeguard students’ private information.
Story Link
Use of Live Customer Data in Application Testing Still Widespread
James E. Powell, February 8, 2008
A survey released by Compuware Corporation and the Ponemon Institute shows “an overwhelming majority of organizations surveyed risk compromising critical information by using actual customer data for the development and testing of applications.”
Story Link
The Dos and Don’ts of Disclosure Letters
Scott Berinato, February 8, 2008
How do you tell someone you have lost something important of his? That is hard enough. Now how do you tell a million people? As data breach disclosure laws proliferate—39 states have mandated disclosure, and federal legislation is wending its way through Congress—a flood of data breach disclosure letters follows.
Story Link
After a Data Breach: Navigating the tangle of state notification laws can be exasperating
Jennifer McAdams , October 29, 2007
Bananas.com was caught off guard last year. The musical instrument sales site suffered a data breach that was followed swiftly by a double whammy of consequences. Roughly 250 customer records were exposed, likely after an individual stole an administrative password by accessing systems remotely. (Site owner Bananas at Large has since put additional security procedures in place to prevent a recurrence.)
Story Link
Opinion: 8 Growing Risks of Employee Home Offices
Jay Cline, February 1, 2008
There are eight primary risks employers must be aware of when employees are working from home, including: laptop computers in transit, USB drives in transit, lost PDAs, unprotected home computers, unprotected home networks, unprotected files over email, unprotected paperwork and un-inventoried data.
Story Link
Perspective: Why we still invite data breaches
Dan Sarel , October 29, 2007
After a massive security compromise at TJX earlier in the year (still the largest on record), some hoped it might signal the end of large-scale data breaches. That turned out to be not the case. Breaches later were reported at Disney, Western Union, Fidelity Information Services, Monster.com and TD Ameritrade. Millions of personal identifiable information records were pilfered, and then used to facilitate spamming, malicious software and spyware distribution, credit card fraud, and identity theft.
Story Link
Identity Theft
Identity Thieves Prey on Patients’ Medical Records
Julie Appleby, May 7,2008
Doctors’ offices, clinics and hospitals are a fruitful hunting ground for identity thieves, who are using increasingly sophisticated methods to steal patient information, lawyers and privacy experts say.
Legal experts say lawbreakers use medical information to get credit card numbers, drain bank accounts or falsely bill Medicare and other insurers.
Story Link
US Consumers Worried About ID Theft
EMarketer, April 23, 2008
Americans are still very concerned about identity theft and it is having an impact on their online behavior, according to an April 2008 Bankrate survey conducted by GfK Roper Public Affairs & Media.
Story Link
U.S. Lacks Gov’t Agency To Stop ID Thefts
Craig Clough, April 2, 2008
For the millions of Americans that become victims of identity theft each year, restoring their credit and canceling their credit cards and bank accounts can be a daunting and overwhelming task.
But unlike other Western countries, there is little help that the federal government offers them.
Story Link
The Cost of ID Theft, Part 1: Beyond Dollars and Cents
Andrew K. Burger, February 05, 2008
Private, personally identifying information is everywhere, from portable computers and digital devices, to the Internet and private networks. This data can be obtained so easily — either through technology or more mundane means — and its theft is so often glamorized on film that it is starting to attract a younger generation to criminal ranks.
Story Link
Estimated lost employee productivity costs range from $20 - $30 per record.
–Forrester Research