On May 18 the U.K. Data Protection Commissioner said in a Channel 4 news report he’s going to investigate why an online visa application system allowed the personally identifiable information (PII) of around 50,000 applicants from India who had applied for U.K. passports viewable on the Internet.
Archive for the ‘Privacy Incidents’ Category
Outsourced Company’s Unsecure Application Makes U.K. Passport Applicant PII Available to Everyone On the Internet
Wednesday, May 30th, 2007More Reason to Strengthen Information Security: New MN Law Restricts How Long Merchants Can Retain Purchase Information
Monday, May 28th, 2007To date we have at least 37 U.S. states that have enacted breach notice laws, (Maryland’s new breach notice law was signed May 17th), but these address how to react AFTER personally identifiable information (PII) has been compromised. Multiple federal-level bills proposed but none yet passed.
The Need to Build Security In: Poor Implementation of Indianapolis Public Schools Website Allows Viewing of PII For 7000+ Students and Teachers
Friday, May 18th, 2007Today Monsters and Critics reported, “Indianapolis Public Schools exposes thousands to risk of identity theft.”
Apparently the Indianapolis Public Schools (IPS) website “that allows teachers to post reviews, student-writing samples, grades, and other confidential material to the IPS network” was implemented and configured without much attention to security.
Great New Site for Data Loss Statistics
Tuesday, May 15th, 2007There is a great new site, etiolated.org, that takes the privacy breach data accumulated by attrition.org and parses it into some very interesting statistics, trends charts, provides areas for commentary, and lots of other interesting and useful information.
Privacy: Surveillance and Poor Security Practices
Saturday, April 28th, 2007Today I read with interest an article in the U.K.’s Guardian Unlimited, “Surveillance ‘intrudes on our lives‘.”
I am doing some research into various surveillance methods, such as with CCTV, key loggers, and other methods of surreptitiously recording the activities of individuals, typically without their consent, and often without their knowledge.
SMBs, Identity Theft & Insider Threat: Bad SMB Security Impacts Organizations of All Sizes
Wednesday, April 18th, 2007There are many articles written about the insider threat, several have been done, and often the focus is on large organizations where those employees with malicious intent are often either in positions of trust way down in the org chart, or the perpetrator is the person at the helm of the organization.
Admitted HIPAA Noncompliance at UPMC: Penalties Must Be Applied to Make Laws Effective
Monday, April 16th, 2007On April 13 the Pittsburgh Tribune-Review reported that the University of Pittsburgh Medical Center (UPMC) admitted to using the records of 80 patients, including names and Social Security numbers, for a presentation they made at a 2002 symposium, in violation of the Health Insurance Portability and Accountability Act (HIPAA).
Insider Threat Example: Former Wal-Mart Employee Spied Because His Managers Told Him To
Wednesday, April 4th, 2007I have seen organizations where management and staff members were so fixated on protecting the company, to the disregard of observing laws and complying with policies, that they ended up doing completely inappropriate actions that involved infringing on privacy and breaking laws.
What Were They Thinking!? U.S. Marshals Put The PII of Thousands of People on a D.C. Street For Anyone To Take
Saturday, March 31st, 2007I read a lot of articles about incidents; it is hard to keep up with them all! However, one I ran across on the WUSA 9News Now site in Washington D.C. grabbed my attention.
