Archive for February, 2007

VA Suspends Medical Research Following Most Recent Breach Until Security Certification Is Obtained

Sunday, February 18th, 2007

Saturday, 2/17/07, it was widely reported that the U.S. Veterans Affairs (VA) was suspendingactivities at seven specialized research centers across the country after an unprotected computer hard drive disappeared from one of the facilities in Alabama last month.”

(more…)

Privacy: How to handle individual access requests in the UK in compliance with the Data Protection Act

Friday, February 16th, 2007

In many countries, such as in all 25 of the European Union states and within Canada, just to name a few, individuals have the legal right to request from organizations a verification of whether or not the organization has information about him or her, and organizations must provide to individuals, upon their request, a copy of their corresponding personal information in an easy-to-understand format, within a reasonable period of time from the request.

(more…)

Privacy Breach, Hackers and Lawsuits: Iowa Department of Education, Microsoft and Perkins Omelettes; Oh My!

Thursday, February 15th, 2007

There’s been enough interesting information security and privacy news here in my own frigid (subzero) snowy back yard in central Iowa to keep me from looking beyond the state for discussion material. Well yes, I did look beyond anyway…what I found will wait until another day.
Yesterday was interesting in that the Iowa Department of Education announced a security breach into their GED database and the Microsoft versus Comes/Iowa class action lawsuit was settled out of court.

(more…)

HSPD-12 and U.S. Government Agency Authentication and Access Controls

Wednesday, February 14th, 2007

Creating technologies that authenticate users with a high degree of confidence has always been a challenge, not only because of the typical complexity of the systems, but also because of the amount of confidence that must be placed within the end-user to appropriately secure his or her own user authentication information, most commonly the user ID and password.
Over the past several years the U.S. Government Accountability Office (GAO) has identified the historically poor authentication and access control practices as barriers for successful information sharing between not only government entities, but also with the private sector.

(more…)

HSPD-12 and U.S. Government Agency Authentication and Access Controls

Wednesday, February 14th, 2007

Creating technologies that authenticate users with a high degree of confidence has always been a challenge, not only because of the typical complexity of the systems, but also because of the amount of confidence that must be placed within the end-user to appropriately secure his or her own user authentication information, most commonly the user ID and password.
Over the past several years the U.S. Government Accountability Office (GAO) has identified the historically poor authentication and access control practices as barriers for successful information sharing between not only government entities, but also with the private sector.

(more…)

HIPAA: Privacy and the Press

Tuesday, February 13th, 2007

An interesting editorial ran this past Sunday in the Mason City, Iowa Globe Gazette about HIPAA, “The Price of Privacy: HIPAA has far-ranging implications
The title intrigued me. Yes, indeed there will be far-ranging implications to effectively start handling protected health information (PHI) in ways that will protect privacy.

(more…)

HIPAA: Privacy and the Press

Tuesday, February 13th, 2007

An interesting editorial ran this past Sunday in the Mason City, Iowa Globe Gazette about HIPAA, “The Price of Privacy: HIPAA has far-ranging implications
The title intrigued me. Yes, indeed there will be far-ranging implications to effectively start handling protected health information (PHI) in ways that will protect privacy.

(more…)

Privacy Breach: FBI Loses Laptops Each Month Despite 2002 Audit Telling Them To Improve Practices

Monday, February 12th, 2007

Today the U.S. Department of Justice (DOJ) released the “The Federal Bureau of Investigation’s Control Over Weapons and Laptop Computers Follow-Up Audit” report.
As you can tell by my post title, this should be a very embarrassing report for the FBI.

(more…)

Privacy Breach: FBI Loses Laptops Each Month Despite 2002 Audit Telling Them To Improve Practices

Monday, February 12th, 2007

Today the U.S. Department of Justice (DOJ) released the “The Federal Bureau of Investigation’s Control Over Weapons and Laptop Computers Follow-Up Audit” report.
As you can tell by my post title, this should be a very embarrassing report for the FBI.

(more…)

Privacy Breach: Johns Hopkins University Lost Personal Information on 135,000 Individuals

Sunday, February 11th, 2007

There now seem to be so many privacy breaches that it is hard to choose which one to discuss…
Last Wednesday, 2/7, Johns Hopkins University reported personal information on 135,000 employees and patients on nine backup tapes were missing that had been given to a contractor, Anacomp Co. Inc., to make microfiche backups.

(more…)