The French Data Protection Authority (CNIL) made some interesting statements last week in their annual report, covering June 2006 through June 2007, about some fines they’ve given during the past 12 months for non-compliance with their data protection laws.
Posts Tagged ‘data protection’
Data Protection & Privacy Noncompliance Fines Increasing in France
Monday, July 16th, 2007Two U.S. Federal Data Protection Bills Approved: One May Actually Make It Through
Wednesday, May 9th, 2007It looks like we make actually get a federal data protection law, that includes breach notice requirements, this year. Such a law is long overdue; not only to protect personally identifiable information (PII), but also to help businesses to resolve their growing headaches involved with trying to comply with at least 36 state breach notice laws as well as dozens of other state level data protection and credit freeze laws, and multiple industry-specific data protection laws.
Deadline is Today for Submitting Comments to the DHS About Draft REAL ID Rules
Tuesday, May 8th, 2007The Department of Homeland Security (DHS) published draft rules regarding REAL ID. Comments are due by 5:00 PM Eastern Time *TODAY*.
France Fines Tyco Healthcare: U.S. Companies, You MUST Know and Follow International Data Protection Laws
Monday, May 7th, 2007In April the French Data Protection Authority (CNIL) reported they had issued a $40,972 fine against a subsidiary of U.S.-based Tyco Healthcare in March for inadequate storage safeguards and cross-border transfer of employee personally identifiable information (PII).
Data Security: OECD Publishes New Privacy Guidelines for Accessing Data From Publicly Funded Research Projects
Sunday, May 6th, 2007On May 3 the Organization for Economic and Cooperation and Development (OECD) released a new 24-page guideline,”Principles and Guidelines for Access to Research Data from Public Funding” for organizations in governments throughout the world regarding access to data from publicly funded research projects.
Data Security: OECD Publishes New Privacy Guidelines for Accessing Data From Publicly Funded Research Projects
Sunday, May 6th, 2007On May 3 the Organization for Economic and Cooperation and Development (OECD) released a new 24-page guideline,”Principles and Guidelines for Access to Research Data from Public Funding” for organizations in governments throughout the world regarding access to data from publicly funded research projects.
How Long Has It Been Since You’ve Done An Awareness Activity? Privacy and Security Week Starts April 8
Monday, April 2nd, 2007Awareness activities are an important and necessary component of an effective, layered, information assurance program. Too little time is spent on communicating information security and privacy requirements, threats, vulnerabilities, and other related issues within most organizations. Providing regular traning and ongoing awareness activities to all personnel, along with customized training to targeted groups with unique information security responsibilities, such as call centers, sales and marketing folks, and applications and systems developers, as is also very important.
Stolen Laptop: Laptop and Printouts with PII about 600 Students in Colorado
Sunday, December 17th, 2006The Longmont, CO Daily Times reported December 14 that a nurse’s laptop was stolen from her car whle she was parked at a restaurant, along with paper records containing personally identifiable information (PII): “students‚Äô names and dates of birth; the names of their schools and what grade they are in; the students‚Äô Medicaid numbers; and their parents‚Äô names.”
Stolen Laptop: Laptop and Printouts with PII about 600 Students in Colorado
Sunday, December 17th, 2006The Longmont, CO Daily Times reported December 14 that a nurse’s laptop was stolen from her car whle she was parked at a restaurant, along with paper records containing personally identifiable information (PII): “students‚Äô names and dates of birth; the names of their schools and what grade they are in; the students‚Äô Medicaid numbers; and their parents‚Äô names.”
Stolen Laptop: Cleartext Medical PII on 25,000 in Pennsylvania
Sunday, December 17th, 2006On December 14 WCPO TV 9 News reported:
“A break-in in Springdale, Ohio is affecting thousands of people in Pennsylvania. The office of Electronic Registry Systems on Northland Boulevard was broken into Thanksgiving weekend and a computer was stolen. That computer had medical records on it for some 25,000 participants in a Pennsylvania health plan. Police don’t suspect I.D. theft. They say, in other recent cases, the thieves wiped the computer’s hard drive clean and then tried to re-sell it.”
