Archive for the ‘Privacy Incidents’ Category
VA Suspends Medical Research Following Most Recent Breach Until Security Certification Is Obtained
Sunday, February 18th, 2007
Saturday, 2/17/07, it was widely reported that the U.S. Veterans Affairs (VA) was suspending “activities at seven specialized research centers across the country after an unprotected computer hard drive disappeared from one of the facilities in Alabama last month.”
Privacy Breach, Hackers and Lawsuits: Iowa Department of Education, Microsoft and Perkins Omelettes; Oh My!
Thursday, February 15th, 2007
There’s been enough interesting information security and privacy news here in my own frigid (subzero) snowy back yard in central Iowa to keep me from looking beyond the state for discussion material. Well yes, I did look beyond anyway…what I found will wait until another day.
Yesterday was interesting in that the Iowa Department of Education announced a security breach into their GED database and the Microsoft versus Comes/Iowa class action lawsuit was settled out of court.
Privacy Breach: FBI Loses Laptops Each Month Despite 2002 Audit Telling Them To Improve Practices
Monday, February 12th, 2007
Today the U.S. Department of Justice (DOJ) released “The Federal Bureau of Investigation’s Control Over Weapons and Laptop Computers Follow-Up Audit” report.
As you can tell by my post title, this should be a very embarrassing report for the FBI.
Privacy Breach: Johns Hopkins University Lost Personal Information on 135,000 Individuals
Sunday, February 11th, 2007
There now seem to be so many privacy breaches that it is hard to choose which one to discuss…
Last Wednesday, 2/7, Johns Hopkins University reported that nine backup tapes containing personal information on 135,000 employees and patients were missing. The tapes had been given to a contractor, Anacomp Co. Inc., to make microfiche backups.
FTC: Speech Highlights Need for All Organizations To Address Information Security and Privacy & Education On These Topics
Friday, February 9th, 2007
The transcript of FTC Chairman Deborah Platt Majoras’ keynote on February 6 at the RSA conference, “ID Theft and Cyber-crime: Where Thieves, Victims, Industry and Government Intersect,” is available on the FTC site.
I’ve often stressed how the FTC Act basically applies to all organizations of all sizes in all industries doing business in the U.S. that have been entrusted to handle personal information. Too many organizations still believe that information security and privacy issues only need to be handled by healthcare or financial organizations. The FTC has made many published statements to demonstrate that all organizations had better get their act together and implement safeguards for personally identifiable information (PII). Some of the statements within Majoras’ keynote emphasize this.
Privacy Law: Leahy & Specter File Personal Data Privacy Act of 2007 Bill
Thursday, February 8th, 2007
On Tuesday, February 6, U.S. Sen. Patrick Leahy, D-Vt., and Sen. Arlen Specter, R-Pa., filed legislation, the Personal Data Privacy Act of 2007, that would, among other things, require organizations to notify consumers of security breaches as well as mandate the adoption of internal policies to protect personal data. This bill is generally the same as the bill Leahy proposed in 2005 and then again in 2006.
Privacy Breach: Bank in UK Sends Personal Data of 75,000 Customers to 1 Customer Requesting Her Own Statement
Wednesday, February 7th, 2007
The Halifax Bank of Scotland sent the complete account information for 75,000 of their customers to one customer who had requested a copy of her own statement.
PCI DSS and GLBA Compliance & Privacy Breach: Lawsuits Filed Against TJX
Sunday, February 4th, 2007
Let’s look at the events that have occurred with the recent TJX computer hack and resulting privacy breach and identity thefts:
Puget Sound Energy Ordered to Pay $995,000 For Selling Customer Personal Information
Tuesday, January 30th, 2007
Puget Sound Energy, Washington state’s largest electricity and natural gas utility, with over 1 million customers in 11 western Washington counties, was ordered to pay a total of $995,000 in fines for selling their customer information to marketing companies over a five-year period. Only 18,992 of the transferred calls during the five years of the marketing program–from November 2001 to March 2006–were subject to penalties because of a two-year statute of limitations, according to the commission statement.