Archive for January, 2007

CAN-SPAM Violation: TJ Web Productions Must Pay $465,000 Fine And Perform Additional Actions for 5 Years

Wednesday, January 31st, 2007

Yesterday the U.S. FTC and Department of Justice jointly announced a $465,000 penalty against TJ Web Productions for violating the CAN-SPAM Act.

(more…)

CAN-SPAM Violation: TJ Web Productions Must Pay $465,000 Fine And Perform Additional Actions for 5 Years

Wednesday, January 31st, 2007

Yesterday the U.S. FTC and Department of Justice jointly announced a $465,000 penalty against TJ Web Productions for violating the CAN-SPAM Act.

(more…)

Puget Sound Energy Ordered to Pay $995,000 For Selling Customer Personal Information

Tuesday, January 30th, 2007

Puget Sound Energy, Washington state’s largest electricity and natural gas utility, with over 1 million customers in 11 western Washington counties, was ordered to pay a total of $995,000 in fines for selling their customer information to marketing companies over a five year period. Only 18,992 of the transferred calls during the five years of the marketing program–from November 2001 to March 2006–were subject to penalties because of a two-year statute of limitations, according to the commission statement.

(more…)

Routine Personal Information Posting in the U.S. State Government Agencies

Monday, January 29th, 2007

NBC news ran a story about how many state government agencies post sensitive personally identifiable information (PII) on their websites. In this case an Ohio county court “routinely posted traffic tickets and other public records on its Web site.”

(more…)

Risks, Threats & Vulnerabilities: Snowball Lessons

Sunday, January 28th, 2007

I have some of the greatest and most illuminating information security and privacy discussions with my 7- and 9-year old sons. Their inquisitiveness and curiosity is unlimited. Their minds are open and ready to soak up everything around them, and to openly question those things that they do not understand, or challenge concepts with which they do not agree. It is too bad that most adults have lost these traits. It is too bad that too many parents and adults with responsibilities for children have squashed these innate qualities in young children instead of helping them to use those traits to blossom and develop into thoughtful, critical-thinking adults.

(more…)

Laptop Theft Incident: Laptop Security Leads To Catching Drug Dealers

Friday, January 26th, 2007

Some interesting news from right here in my back yard this week…
The Des Moines Register reported that a laptop was stolen along with other items stolen during a home burglery. The computer had a location-monitoring type of anti-theft package installed.

(more…)

Laptop Theft Incident: Laptop Security Leads To Catching Drug Dealers

Friday, January 26th, 2007

Some interesting news from right here in my back yard this week…
The Des Moines Register reported that a laptop was stolen along with other items stolen during a home burglery. The computer had a location-monitoring type of anti-theft package installed.

(more…)

Privacy Incident: Ohio Board of Nursing Exposes Personal Information of 3,031 Individuals

Thursday, January 25th, 2007

The Columbus Dispatch reported today, “OHIO BOARD OF NURSING Error puts nurses‚Äô personal data online.”
Reportedly over the past two months the “names and Social Security numbers of 3,031 newly licensed nurses were posted online twice.”

(more…)

Court Ruling: ISPs in New Jersey Must Keep Personal Information Private

Tuesday, January 23rd, 2007

An article from yesterday caught my eye, “Court finds NJ users can expect privacy from Internet providers
A few excerpts:

(more…)

Privacy Pitfalls

Monday, January 22nd, 2007

I had the opportunity to be the guest editor for the October Cutter IT Journal for an issue I called “Avoiding Privacy Pitfalls;” Cutter recently published notice of it.
It was great to put this together through the fantastic and greatly insightful as well as useful contributions of Dr. Andrew Jones, D.J. Vogel, Mark Fischer, David Lineman, Khaled El Emam, Roger CLarke and Timothy Virtue. They discussed privacy issues that organizations often overlook, ignore, or are completely oblivious about. For example, Dr. Andrew Jones describes his very interesting research into all the personally identifiable infromation (PII) on discarded equipment, and Roger Clarke discusses how to use privacy as a strategic factor within an organization.

(more…)