Another real-life example to show the importance of having effective policies and procedures in place for not only information disposal, but also for the disposal of computers and storage media…
Posts Tagged ‘privacy incident’
I’ve been doing a lot of work with data retention and disposal policies and procedures lately, remembering the silly things I have read about with regard to organizations getting rid of their computers, such as selling their computers on eBay when they no longer need them…without removing the information! This is certainly not a phenomenon that is confined to the U.S.
Lo and behold, another situation has happened where an organization sold their old computer on eBay…for a bargain at £77 ($141), and it contained a huge amount of personally identifiable information (PII), including credit card applications, on what is reported to be over 1 million customers. Here are a few excerpts from the report in Forbes…
Yesterday the U.S. Federal Trade Commission (FTC) handed down yet another penalty against an online retailer, Life is good, Inc., for not properly safeguarding their online ecommerce applications.
The FTC charged they were in violation of the FTC Act because they promised in their online privacy statement that they would safeguard their customer data, yet a hacker “was able to use SQL injection attacks on Life is good’s Web site to access the credit card numbers, expiration dates, and security codes of thousands of consumers.”
On December 17 the U.S. Federal Trade Commission (FTC) fined and penalized American United Mortgage Company for throwing the personally identifiable information (PII) and financial information of its customers and consumers into an open, publicly-accessible dumpster.
Under the terms of the penalty, American United Mortgage Company must:
Earlier this week I posted about one of the Business Software Alliance (BSA) initiatives for enforcing software licensing compliance, “Another Approach To Licensing Compliance.”
There are *MANY* software licensing tools and awareness communications that businesses of all sizes, and with all ranges of budgets, can use to effectively track and manage their software licenses, and make their personnel aware of the issues involved with software licensing.
The Department of Homeland Security (DHS) recently released the draft “IT Security Essential Body of Knowledge (EBK)” for public comment and feedback.
This 45-page document outlines the skill sets the groups working with the DHS have determined as being necessary for different information security topics. Many information security folks asked why another information security EBK was necessary when there was already the CISSP Common Body of Knowledge (CBK).
I don’t know why I continue to be surprised at the stupid things some people do, but apparently some people will never realize how much of themselves they are giving away when they post their pictures and other personal information on the Internet. My friend Alec (thanks again, Alec!) pointed me to a perfect example of what a growing number of people are doing…apparently thinking their employers are not savvy enough to be able to use the Internet.
Email is for “Old People”: Do Lack of Laws Make IM and Texting Ripe for Exploiting Children & Teens?
Wednesday, November 28th, 2007
My 13-year-old niece wrote an article for me about social engineering, and I got a chuckle out of her writing, “Maybe I’m old-fashioned, but I only use email. I don’t have my own FaceBook site.”
Can you imagine email being old-fashioned?! Gosh, my hand-written letters must be prehistoric!
Robert Ellis Smith sent me an email yesterday to let me know about his most recent article in Forbes magazine, “Scary Stuff.”
It’s a very interesting read and highlights some terms that, to date, I have not seen in print that much. However, they are terms that information security, privacy and IT pros need to acquaint themselves with:
My father was the superintendent of the public school district where I grew up in Missouri. He was a very hands-on type of leader; when he was not filling out forms, writing reports, making plans, or in meetings he was out in the hallways seeing what was up with the students and teachers and making sure that all was well. And then the evenings were busy with basketball games, concerts or other school events. Those school employees, parents and students that were able to talk with him during opportune times in the hallway or in the bleachers during time-outs, and get their concerns or points stated succinctly and clearly, made a positive impression with my dad. He appreciated that they communicated their ideas and concerns clearly, and got right to the point.
If you had an opportunity to speak for a few minutes with your CEO, CFO, or other CxO, would you be prepared to communicate succinctly and clearly your concerns and state your points regarding the importance of your information security and privacy initiatives?