Resources

Privacy | Legislation | Breaches | Identity Theft

Privacy

Breach of Privacy Results in Jail Time

Ex-employee of NY office of taxation convicted of stealing identities.
Story Link

Data breaches: The insanity continues…

After all the articles about the growing cost of a breach, encryption is still not being used to protect personal identifying information.
Story Link

Virginia Fines Insurer for Failure to Protect Policyholder Privacy

Virginia insurance regulators issued first fine for a 2003 law regarding the protection of policyholder information.
Story Link

Survey: Poor Economy Leads To Rise In Sneaky IT Behavior

More than one-third of IT professionals have used their admin rights to view HR records and customer databases.
Story Link

Insider steals 9 million dollars with electronic access

There is a lot to be said for protecting your company against external threats, but many times it is those inside the company who can do the most damage.
Story Link

Good Privacy as Competitive Advantage

Companies looking for differentiating factors in the areas of security and privacy have a competitive advantage.
Story Link

Best Practices for Protecting Customer Data

Conduct an enterprise compliance review. The principal requirement for securing data is knowing exactly what data is stored where.
Story Link

MN Senator Admits Data Breach

Wikileaks has released detailed lists of Republican Senator Norm Coleman’s supporters and donors. Some 51,000 individuals are represented.
Story Link

Protect Your Company From Employee Transition Risks

Story Link

Celebrate National Data Privacy Day!

Data Privacy Day is designed to raise awareness of the importance of data privacy practices and rights in North America and 27 European countries.
Story Link 1 and Story Link 2

Data Breaches Up 50% In 2008!

The percentage of breaches attributed to data theft from current and former employees more than doubled. This may be reflective of the economy.
Story Link

Banking’s Data Security Crisis

24% of all financial institutions’ data breaches were caused by insider theft.
Story Link

Employee cybersnooping?

One-third of IT professionals admit to peeking at employees’ personal data.
Story Link

The Importance of Human Resources and Data Privacy

Stanford University recently lost up to 72,000 employee records. Human resource managers have to enforce employee data protection and privacy.
Story Link

WhitePages.com Grapples with Privacy

WhitePages.com founder and CEO Alex Algard has said that the company would start adding features to let people edit or hide portions of their directory information.
Story Link

Outrage in UK over staff blacklisting database

Last week the announcement that several UK retailers were collaborating on compiling a database of employees dismissed over suspicion of theft or fraud caused furore amongst the public, trade unions and civil liberties groups.
Story Link

Benefits of personal health records will eclipse privacy concerns

In five years, the privacy debate over personal health records will be over, and you and I will be storing our medical records at a central location. Why? Because the benefits of better care and less paperwork will outweigh our current fears about breaches and inappropriate data-sharing.
Story Link

Planning a company social network? Don’t forget privacy issues

Large corporations seem to be tripping over themselves in their rush to tap into the social networking phenomenon by deploying their own versions of online user communities. But by trying to shoehorn this generation’s Woodstock into a corporate wingtip, they may be assuming risks that even the best social networks haven’t fully addressed.
Story Link

Canadian Firms Putting a Lock on Data Privacy

Last year, when Canadian Imperial Bank of Commerce subsidiary Talvest Mutual Funds was forced by the federal privacy commissioner to reveal it had lost a file containing confidential information on almost half a million clients, Jeff Green must have felt a shudder of sympathy mixed with schadenfreude.
Story Link

Professors Have Access to Student Financial Records

When Kyle Jepson walked into her playwriting class last year, she expected the usual syllabus-and-roll-call first day. She did not expect the professor to announce her unpaid fees to the entire class.
Story Link

Data Privacy in Minnesota

“Minnesotans should not have to worry about government sharing their personal data without their consent,” Governor Tim Pawlenty said in announcing a series of legislative initiatives nearly two years ago to tighten data security in the state.
Story Link

Mind the GAPP: Accountants bring GAAP-like principles to the privacy sphere

If you haven’t heard of the Generally Accepted Privacy Principles (GAPP), take stock: They’re likely to become the most important new source of requirements for your IT projects since Y2k and Sarbanes-Oxley. Why is this? The accounting industry has closed ranks around the idea that the GAPP is the best international framework for assessing the privacy health of an organization. So when it comes to IT projects, any system or related business process touching personal data will have new rules to play by.
Story Link

Voter Privacy Is Gone - Get Over It

A voter registration data broker named Aristotle buys voter registration lists from counties and states. It then combines that information with highly personal and detailed information about voters that it mines from various other sources before reselling the data to candidates, political operatives, and commercial entities.
Story Link

Legislation

FBI Favors National Breach Notification Standard

The Homeland Security Department should establish a national standard to encourage companies to report data breaches to authorities to help gauge the intensity of cyberattacks.
Story Link

Massachusetts Data Privacy and Security Laws Impact Companies Across U.S.

The Massachusetts Office of Consumer Affairs and Business Regulation determined that there was a significant need for a set of comprehensive standards that ensure businesses are taking practical steps to safeguard personal information.
Story Link

CT Governor Signs Bill to Safeguard Personal Data

“Identity theft has become one of the most frightening non-violent crimes of the 21st century and has become all too common,” Governor Rell said. “Now Social Security numbers — and all similar information — must be safeguarded much more carefully.”
Story Link

Governor Lingle Signs Bill to Protect Hawaii Residents Against Identity Theft

Governor Linda Lingle signed into law today a bill (SB3092 SD1 HD1 CD1) to provide Hawaii residents with additional protection against identity theft.
Story Link

New Law to Safeguard Privacy

A proposal referred to Parliament this week seeks to introduce provisions to safeguard the right to privacy. The bill on protection of personal data is a legal arrangement complementing a proposal referred to Parliament about two weeks ago regulating state secrets and transparency.
Story Link

Leahy Calls For Privacy Legislation

Senator Patrick Leahy, D-Vermont, says several recent security problems prove that new privacy legislation is needed. Leahy points to the security breach at Hannaford Supermarkets, as well as the breach of presidential candidates’ passport information, as reasons for the bill.
Story Link

Google to Push Privacy Initiatives in U.S.

Google is working with other companies to push consumer privacy legislation in Congress and will work with the U.S. Federal Trade Commission to fine-tune online advertising principles the agency proposed in December.
Story Link

New law addresses personal information breaches

Massachusetts recently became the 39th state to enact a data security breach notification law, the “Breach Notification Law,” to deal with security breaches of personal information of Massachusetts residents. The law applies to any person (i.e., a natural person, corporation, association, partnership or other legal entity) or agency (i.e., any Massachusetts agency, executive office, department, board, commission, bureau, division or authority, or any of its branches, or of any political subdivision) that owns, licenses, maintains or stores data that includes personal information of Massachusetts residents.
Story Link

What California’s New Medical Disclosure Law Means for the Rest of Us

A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states, according to two analysts who follow the health-care industry. However, legal experts remain divided on whether the law applies to out-of-state organizations who hold information about Californians.
Story Link

Privacy Bills Move Forward in California

Two bills aimed at protecting California residents from identity theft and privacy invasion are making their way through the state legislature. Late last week, the State Senate passed 40-0 SB 612, a measure which would allow identity theft to be prosecuted in the county in which the victim lives, according to State Senator Joe Simitian (D-Palo Alto), the bill’s sponsor.
Story Link

Breaches

University of Wisconsin Student Breach

The University of Wisconsin-Madison says 40 computers have been hacked, possibly exposing personal information of nearly 3,000 people.
Story Link

NYPD Suffers Massive Data Breach

The New York Police Department (NYPD) is sending out letters to nearly 80,000 current and retired police officers after a civilian employee allegedly stole their personal information from a secure police back office.
Story Link

Starbucks Sued After Data Breach

The lawsuit was filed Thursday in federal court in Seattle. Starbucks has offered employees one year’s free credit monitoring and protection, but Krottner is asking the court to extend that to five years. She is also seeking unspecified damages and asking that Starbucks be ordered to submit to periodic security audits of its computer systems.
Story Link

Most Data Breaches Discovered Too Late

70% of all data breaches are discovered by third parties, such as customers or banks, meaning that most companies have no idea that their data has been compromised until they are alerted by an outside voice.
Story Link

Walter Reed Says Patient Data May Be Compromised

Sensitive information on about 1,000 patients at Walter Reed Army Medical Center and other military hospitals was exposed in a security breach, sparking identity theft concerns and an investigation by the Army.
Story Link

Five IRS Employees Charged With Snooping on Tax Returns

Five workers at the IRS Fresno, California, return processing center were charged Monday with computer fraud and unauthorized access to tax return information for allegedly peeking into taxpayers’ files for their own purposes.
Story Link

More tied to UCLA Snooping

California health regulators have connected 14 more people affiliated with UCLA Medical Center, including four physicians, to the improper viewing of celebrity medical records, bringing the number of current and former workers apparently implicated in the snooping scandal to 68.
Story Link

6,000 UCSF Patients’ Data Got Put Online

Information on thousands of UCSF patients was accessible on the Internet for more than three months last year, a possible violation of federal privacy regulations that might have exposed the patients to medical identity theft, The Chronicle has learned.
Story Link

Half of Businesses Hit by Breaches

More than half of businesses have suffered data breaches in the last year, with the law now making encryption a necessity. The use of encryption to comply with privacy and data security regulations had increased from 17 per cent in 2007 to 58 per cent in 2008.
Story Link

LendingTree Discloses Insider Data Breach

The Web-based lending exchange says several former employees illicitly helped a handful of mortgage lenders gain access to customer data.
Story Link

Data Security Top Tech Issue for Colleges

A computer break-in at Harvard University highlights the growing challenges the nation’s colleges and universities face in trying to safeguard students’ private information.
Story Link

Use of Live Customer Data in Application Testing Still Widespread

A survey released by Compuware Corporation and the Ponemon Institute shows “an overwhelming majority of organizations surveyed risk compromising critical information by using actual customer data for the development and testing of applications.”
Story Link

The Dos and Don’ts of Disclosure Letters

How do you tell someone you have lost something important of his? That is hard enough. Now how do you tell a million people? As data breach disclosure laws proliferate—39 states have mandated disclosure, and federal legislation is wending its way through Congress—a flood of data breach disclosure letters follows.
Story Link

After a Data Breach: Navigating the tangle of state notification laws can be exasperating

Bananas.com was caught off guard last year. The musical instrument sales site suffered a data breach that was followed swiftly by a double whammy of consequences. Roughly 250 customer records were exposed, likely after an individual stole an administrative password by accessing systems remotely. (Site owner Bananas at Large has since put additional security procedures in place to prevent a recurrence.)
Story Link

Opinion: 8 Growing Risks of Employee Home Offices

There are eight primary risks employers must be aware of when employees are working from home, including: laptop computers in transit, USB drives in transit, lost PDAs, unprotected home computers, unprotected home networks, unprotected files over email, unprotected paperwork and un-inventoried data.
Story Link

Perspective: Why we still invite data breaches

After a massive security compromise at TJX earlier in the year (still the largest on record), some hoped it might signal the end of large-scale data breaches. That turned out not to be the case. Breaches later were reported at Disney, Western Union, Fidelity Information Services, Monster.com and TD Ameritrade. Millions of personally identifiable information records were pilfered, and then used to facilitate spamming, malicious software and spyware distribution, credit card fraud, and identity theft.
Story Link

Identity Theft

Manhattan DA Announces Major ID Theft Indictment

Computer technician stole personal identifying information of Bank of NY employees, resulting in $1.1 million in thefts.
Story Link

FTC Report: Identity Theft Remains Consumers’ No. 1 Fraud Complaint

The FTC report also shows what bad guys do with stolen identities. While 20 percent was pure credit card fraud, government documents or benefits fraud accounted for 15 percent, employment fraud for 15 percent, and phone or utilities, 13 percent. “[Around] 40 percent of identity theft had nothing to do with bank or credit cards,” Rusin notes. “It was stealing personal information, for working here illegally, fraudulent tax returns, [etc.],” he says.
Story Link

Employee Charged in Identity Theft Scheme

A Library of Congress employee used a government database to steal the personal information of other employees.
Story Link

Identity Thieves Prey on Patients’ Medical Records

Doctors’ offices, clinics and hospitals are a fruitful hunting ground for identity thieves, who are using increasingly sophisticated methods to steal patient information, lawyers and privacy experts say.
Legal experts say lawbreakers use medical information to get credit card numbers, drain bank accounts or falsely bill Medicare and other insurers.
Story Link

US Consumers Worried About ID Theft

Americans are still very concerned about identity theft and it is having an impact on their online behavior, according to an April 2008 Bankrate survey conducted by GfK Roper Public Affairs & Media.
Story Link

U.S. Lacks Gov’t Agency To Stop ID Thefts

For the millions of Americans that become victims of identity theft each year, restoring their credit and canceling their credit cards and bank accounts can be a daunting and overwhelming task.
But unlike other Western countries, there is little help that the federal government offers them.
Story Link

The Cost of ID Theft, Part 1: Beyond Dollars and Cents

Private, personally identifying information is everywhere, from portable computers and digital devices, to the Internet and private networks. This data can be obtained so easily — either through technology or more mundane means — and its theft is so often glamorized on film that it is starting to attract a younger generation to criminal ranks.
Story Link

Data thefts by employees doubled in 2008.

–Identity Theft Resource Center