Posts Tagged ‘government’

PCI DSS and GLBA Compliance & Privacy Breach: Lawsuits Filed Against TJX

Sunday, February 4th, 2007

Let’s look at the events that have occurred with the recent TJX computer hack and resulting privacy breach and identity thefts:

(more…)

CAN-SPAM Violation: TJ Web Productions Must Pay $465,000 Fine And Perform Additional Actions for 5 Years

Wednesday, January 31st, 2007

Yesterday the U.S. FTC and Department of Justice jointly announced a $465,000 penalty against TJ Web Productions for violating the CAN-SPAM Act.

(more…)

Puget Sound Energy Ordered to Pay $995,000 For Selling Customer Personal Information

Tuesday, January 30th, 2007

Puget Sound Energy, Washington state’s largest electricity and natural gas utility, with over 1 million customers in 11 western Washington counties, was ordered to pay a total of $995,000 in fines for selling its customer information to marketing companies over a five-year period. Only 18,992 of the transferred calls during the five years of the marketing program, from November 2001 to March 2006, were subject to penalties because of a two-year statute of limitations, according to the commission statement.

(more…)

Routine Personal Information Posting in the U.S. State Government Agencies

Monday, January 29th, 2007

NBC news ran a story about how many state government agencies post sensitive personally identifiable information (PII) on their websites. In this case an Ohio county court “routinely posted traffic tickets and other public records on its Web site.”

(more…)

Info Sec and Privacy Pros Need Ongoing Training

Saturday, January 20th, 2007

I write a lot about the need for a comprehensive and ongoing information security and privacy education program within organizations. Many people do. More is needed. However, something that I don’t see written about much is the need for information security and privacy practitioners and leaders to also receive ongoing training covering the issues for which they are responsible. We see a lot of seminars and conferences offered, but it is often hard to get the budget approved to attend these, let alone be able to take 2, 3, 4 or even 5 days away from the office.

(more…)

U.S. Commerce Dept’s CISO Leaves for the GAO Asst. Director of Security Position

Wednesday, January 17th, 2007

There was an interesting short article from the Government Computer News today, “CISO leaving Commerce for GAO.”

(more…)

Awareness and Training Example: Privacy Impacts Throughout the Day

Tuesday, January 16th, 2007

There was a very interesting article in the Washington Post today, “Enjoying Technology’s Conveniences But Not Escaping Its Watchful Eyes.”
This documentary of the day in the life of a woman shows how privacy issues are encountered throughout the day, and how virtually all of us leave a bit of ourselves, and along with it our privacy, whenever we get online, make purchases from stores, make phone calls, or do any number of things in virtually any place.

(more…)

PIPEDA Action: Canadian Airline Refuses to Make Changes After Customer Complains

Monday, January 15th, 2007

The Office of the Privacy Commissioner of Canada published findings last week for a PIPEDA case in which an individual complained that a Canadian airline refused to give him access to his personal information.
It is interesting that the names of organizations are not published within the decisions and summaries of the Privacy Commissioners.

(more…)

Laptop Incident: N.C. Dept of Revenue Laptop Theft Puts 30,000 Residents At Risk

Saturday, January 13th, 2007

Today the North Carolina Charlotte Observer reported a laptop was stolen from the car of an N.C. Department of Revenue employee in December.
They mailed letters to all 30,000 individuals this week. According to the report this is the first time notifications have been made within N.C. since they put their privacy breach notification law for government agencies into effect during the fall of 2006.

(more…)