The Ohio Department of Administrative Services (DAS) has determined that the appropriate sanction for inadequate security practices by the Ohio Department of Administrative Services’ Administrative Knowledge System (OAKS) ERP project system team leader, that resulted in the theft of an un-encrypted backup tape containing the personally identifiable information (PII) of 1.3 million individuals, is the loss of 40 hours of vacation time.
Posts Tagged ‘privacy breach’
Sanctions For Ohio Breach: Lost Vacation Time, Terminations, and a “Resignation”
Sunday, October 14th, 2007Iowa Universities Provide Examples of Good and Bad Information Security and Privacy
Wednesday, October 10th, 2007In the past week the two largest universities in Iowa provided examples of both great and poor security practices. Let’s see…how about the bad example first?
ABN Amro PII Breached Through P2P: Lessons Learned
Monday, October 1st, 2007Much is written about the risks P2P presents to organizations, but many organizations continue to implement P2P technologies, or more accurately allow their personnel to implement them on computers used for business, because they are willing to risk that the threat theories will not materialize within their own organizations.
Canadian Privacy Commissioners Release TJX Investigation Report
Tuesday, September 25th, 2007Yesterday the Office of the Privacy Commissioner of Canada and the Office of the Information and Prrivacy Commissioner of Alberta released their “Report of an Investigation into the Security, Collection and Retention of Personal Information” concerning the TJX breach. The investigation was performed to determine if, and if so to what extent, the incident was a violation of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and/or the Personal Information Protection Act (PIPA).
New FTC Report Provides Organizations Good Guidance For Protecting PII
Tuesday, September 18th, 2007Today the U.S. Federal Trade Commission (FTC) released a report, “Combating Identity Theft: Implementing a Coordinated Plan.”
Would You Be More Inclined To Work For A Company That Gave You Identity Theft Insurance As A Benefit?
Monday, September 17th, 2007Last year I had a couple of different identity theft insurance vendors contact me wanting me to endorse their products as they were trying to sell the packages to employers to offer to their employees as part of their total benefits packages.
On The Internet, If It Looks, Quacks and Walks Like a Duck, Is It *REALLY* a Duck?
Wednesday, June 20th, 2007I am a great believer of performing due diligence to ensure potential new hires have no deceptive or malicious skeletons in their past that may be reincarnated after they have been hired and entrusted with access to sensitive information and supporting resources. There are appropriate times organizations should do criminal background checks, education checks, and other checks as appropriate and legal for the position being filled and the location of the facility.
Medical Identity Theft and Bill Requiring Criminal Background Checks In LTC Facilities
Tuesday, June 19th, 2007I have had relatives very close to me who, because of degenerative diseases and medical problems, have had to go to long term care (LTC) facilities. I always worried about the care they were receiving when I was not around. I worried that others would not be caring for them in a truly caring and kind way. I worried that people who had been convicted of violent crimes and financial fraud might try to take advantage of them and the others in the facility. I tried to keep a close watch on them.
