Posts Tagged ‘government’

VA Suspends Medical Research Following Most Recent Breach Until Security Certification Is Obtained

Sunday, February 18th, 2007

Saturday, 2/17/07, it was widely reported that the U.S. Veterans Affairs (VA) was suspendingactivities at seven specialized research centers across the country after an unprotected computer hard drive disappeared from one of the facilities in Alabama last month.”

(more…)

Privacy: How to handle individual access requests in the UK in compliance with the Data Protection Act

Friday, February 16th, 2007

In many countries, such as in all 25 of the European Union states and within Canada, just to name a few, individuals have the legal right to request from organizations a verification of whether or not the organization has information about him or her, and organizations must provide to individuals, upon their request, a copy of their corresponding personal information in an easy-to-understand format, within a reasonable period of time from the request.

(more…)

Privacy Breach, Hackers and Lawsuits: Iowa Department of Education, Microsoft and Perkins Omelettes; Oh My!

Thursday, February 15th, 2007

There’s been enough interesting information security and privacy news here in my own frigid (subzero) snowy back yard in central Iowa to keep me from looking beyond the state for discussion material. Well yes, I did look beyond anyway…what I found will wait until another day.
Yesterday was interesting in that the Iowa Department of Education announced a security breach into their GED database and the Microsoft versus Comes/Iowa class action lawsuit was settled out of court.

(more…)

HSPD-12 and U.S. Government Agency Authentication and Access Controls

Wednesday, February 14th, 2007

Creating technologies that authenticate users with a high degree of confidence has always been a challenge, not only because of the typical complexity of the systems, but also because of the amount of confidence that must be placed within the end-user to appropriately secure his or her own user authentication information, most commonly the user ID and password.
Over the past several years the U.S. Government Accountability Office (GAO) has identified the historically poor authentication and access control practices as barriers for successful information sharing between not only government entities, but also with the private sector.

(more…)

HSPD-12 and U.S. Government Agency Authentication and Access Controls

Wednesday, February 14th, 2007

Creating technologies that authenticate users with a high degree of confidence has always been a challenge, not only because of the typical complexity of the systems, but also because of the amount of confidence that must be placed within the end-user to appropriately secure his or her own user authentication information, most commonly the user ID and password.
Over the past several years the U.S. Government Accountability Office (GAO) has identified the historically poor authentication and access control practices as barriers for successful information sharing between not only government entities, but also with the private sector.

(more…)

Privacy Breach: FBI Loses Laptops Each Month Despite 2002 Audit Telling Them To Improve Practices

Monday, February 12th, 2007

Today the U.S. Department of Justice (DOJ) released the “The Federal Bureau of Investigation’s Control Over Weapons and Laptop Computers Follow-Up Audit” report.
As you can tell by my post title, this should be a very embarrassing report for the FBI.

(more…)

Privacy Breach: FBI Loses Laptops Each Month Despite 2002 Audit Telling Them To Improve Practices

Monday, February 12th, 2007

Today the U.S. Department of Justice (DOJ) released the “The Federal Bureau of Investigation’s Control Over Weapons and Laptop Computers Follow-Up Audit” report.
As you can tell by my post title, this should be a very embarrassing report for the FBI.

(more…)

Privacy Law: Leahy & Specter File Personal Data Privacy Act of 2007 Bill

Thursday, February 8th, 2007

On Tuesday, February 6, U.S. Sen. Patrick Leahy, D-Vt., and Sen. Arlen Specter, R-Pa., filed legislation,the Personal Data Privacy Act of 2007, that would, among other things, require organizations to notify consumers of security breaches as well as mandate the adoption of internal policies to protect personal data. This bill is generally the same as the bill Leahy proposed in 2005 and then again in 2006.

(more…)

Privacy Breach: Bank in UK Sends Personal Data of 75,000 Customers to 1 Customer Requesting Her Own Statement

Wednesday, February 7th, 2007

The Halifax Bank of Scotland sent the complete account information for 75,000 of their customers to one customer who had requested a copy of her own statement.

(more…)

HIPAA: Congressional and GAO Reports Say HHS Needs To Make Changes To Protect Patient Privacy

Monday, February 5th, 2007

According to a congressional testimony report posted February 1, “Private Health Records: Privacy Implications of the Federal Government’s Health Information Technology Initiative,” the Department of Health and Human Services (HHS) needs to do more to address privacy and security concerns connected with the new technology.
Here is an excerpt from the testimony statement of Senator Daniel K. Akaka:

(more…)