Archive for the ‘Privacy and Compliance’ Category

Penalty Applied for Laptop Theft: More Significant Penalties Are Needed to Motivate Better Safeguards

Thursday, December 14th, 2006

The Boston Globe reported Tuesday that “Ameriprise Financial Services Inc. will pay $25,000 to settle a probe of how one of its laptop computers went missing with the personal data of thousands of Massachusetts residents.”
An Ameriprise Financial Services laptop was stolen in 2005 that contained clear text personally identifiable information (PII) about over 200,000 individuals.

(more…)

Example of Need to Validate Business Partner Security: State of Vermont Privacy Breach Resulting from Contractor

Wednesday, December 13th, 2006

An incident recently occurred where a contractor for the State of Vermont accidentally posted the Social Security numbers for hundreds of healthcare workers within Vermont. The data existed on the web site for approximately one month before it was removed.
This demonstrates one of the multiple reasons why organizations must ensure the acceptable security practices of the business partners to whom they entrust sensitive information.

(more…)

PII About 800,000 Individuals Compromised at UCLA

Tuesday, December 12th, 2006

Today CNN reported that personally identifiable information (PII), Social Security numbers, home addresses and birth dates, about 800,000 current and former UCLA students, faculty and staff may have been compromised.
Surprisingly, the unauthorized access reportedly was occurring from October, 2005 through November 21 of this year when the security staff finally noticed suspicious activity.

(more…)

FTC Provides Claims Forms for Individuals Impacted by the 2004 Choicepoint Incident

Sunday, December 10th, 2006

On December 6, 2006, the U.S. Federal Trade Commission (FTC) made a claims form available for anyone who believes they had identity theft occur as a result of the Choicepoint security incident late in 2004 involving at least 163,000 individuals. Since then around 1,400 individuals have indicated they have been victims of identity theft as a result of that incident.

(more…)

Laptop Theft: PII About 1,000 W.Va. Air National Guard Members

Wednesday, December 6th, 2006

A report in the Air Force Times indicates a laptop containing personally identifiable information (PII) about 1,000 West Virginia Air National Guard members was stolen during a training trip in November. The spokesperson for the Air National Guard indicated:

“The Air Force uses some of the most sophisticated encryption processes to safeguard information on government computers”

…implying the data on the laptop was encrypted, but not coming right out and saying it was.

(more…)

FTC Report on FACTA Effectiveness: Highlights the Need for Better Data Accuracy Practices

Tuesday, December 5th, 2006

Today the FTC released their report, “Second Interim Report of the Federal Trade Commission to Congress Under Section 319 of the Fair and Accurate Credit Transactions Act of 2006.”
Before I comment on the report, as an interesting aside, one of the authors of the report, Chairman Deborah Platt Majoras, was named one of 2006’s “Top 5 Influential IT Security Thinkers” in the December 2006 issue of SC Magazine, but I don’t see this issue on their site yet.

(more…)

Oracle Releases New Application Data Safeguard Standards

Monday, December 4th, 2006

On 11/28 Oracle released new technology standards, called the Identity Governance Framework (IGF), for safeguarding data throughout the application data flow. CNET news reported on it November 30. The article points out that such standards would help prevent data leaks and also contribute to regulatory compliance.

(more…)

Data Mining Doesn’t Always Pay: $1.135 Million Judgment

Thursday, November 30th, 2006

On November 29 Judge Clarence Cooper of Atlanta’s U.S. District Court ordered that Tamarac, Fla.-based 1st Source Information Specialists Inc. and company principals Kenneth W. Gorman and Steven Schwartz disgorge all profits and pay Cingular Wireless compensatory and punitive damages and attorney fees totaling $1,135,000.
1st Source was harvesting cell phone numbers from web sites, doing reverse lookups for cell phone numbers, and selling the information to other businesses for $110 to $195. To make things worse, they were also selling records of the calls made from specific cell phone numbers, an additional huge invasion of privacy.

(more…)

The Impact of the New False Claims Act Guidelines on HIPAA Compliance

Wednesday, November 29th, 2006

A news report caught my eye, “HIPAA Enforcement Swings from Voluntary Compliance to Punishment for Violation of Privacy and Security Laws as States Join Federal Enforcement Under Federal Mandate.”

(more…)