privacy breach Archives - Page 7 of 15 -

Posts Tagged ‘privacy breach’

Internal Threat Example: Lending Tree Privacy Breach And Civil Suit

Sunday, June 1st, 2008

Last month (May 2008…yes, it is June already!) Lending Tree got slapped with a civil suit alleging their personnel allowed mortgage lenders access to customer’s personally identifiable information (PII) and other confidential information.
The suit charges that Lending Tree did not have appropriate or adequate information safeguards in place, resulting in the employees using names, addresses, phone numbers, Social Security numbers, income information, and assorted other personal information, to market their own mortgage loans to the LendingTree customers.
The class-action lawsuit, (this is from a subscription site) represents all Lending Tree customers who submitted loan request forms to the company between Jan. 1 2006 and May 1, 2008.
From the case file…

(more…)

Tags:awareness and training, civil suit, Information Security, IT compliance, Lending Tree, personally identifiable information, PII, policies and procedures, privacy, privacy breach, risk management, security awareness, security training
Posted in Privacy and Compliance, Privacy Incidents | No Comments »

Who Had The Brilliant Idea To Outsource U.S. Passports?

Thursday, March 27th, 2008

Okay, after the recent passport files snooping debacle I found today’s news story, “Outsourcing passports ‘profound liability’” very ironic and concerning.
Not only for the reported huge waste of taxpayers’ dollars, but also for the security risks…

(more…)

Tags:awareness and training, GPO, Information Security, IT compliance, passport-gate, passports, policies and procedures, privacy breach, risk management, security awareness, security training
Posted in government, Information Security | 2 Comments »

The Benefits of a Privacy Ombudsman

Wednesday, March 26th, 2008

The folks from Cutter just notified me that an excerpt from a recent article I wrote, “Learning from a Privacy Ombudsman: A Case Study to Establish a Healthcare Services Ombudsman,” will soon be featured in the “Quote of the Day” section of the Cutter Web site.
Here’s the excerpt…

(more…)

Tags:awareness and training, healthcare, Information Security, IT compliance, policies and procedures, privacy breach, privacy ombudsman, risk management, security awareness, security training
Posted in Miscellaneous, Privacy and Compliance | No Comments »

Yet Another Stolen Laptop With Clear Text Patient PII

Tuesday, March 25th, 2008

Yet another in a long procession of laptop thefs, “Stolen laptop contains personal info of 2,500 patients“.
Here are the first few paragraphs…

(more…)

Tags:awareness and training, encryption, GAO, Information Security, IT compliance, laptop loss, laptop theft, NHLBI, patient privacy, policies and procedures, privacy breach, risk management, security awareness, security training
Posted in Lost & Stolen Laptops, Privacy Incidents | 1 Comment »

Passport Breach: Poor Security Practices Lead To Privacy Breaches

Sunday, March 23rd, 2008

The breach of the presidential candidates’ passport files were widely reported over the past few days, such as here and here, not to mention the many postings referencing it as “passport-gate” throughout the blogosphere and the political implications. However, based upon what I’ve been reading it looks more like the result of a poor, inadequate and vulnerable information security program.
There are many information security and privacy issues involved with this incident. It would make a great case study to use at a joint meeting with your information security, privacy and compliance folks. Some of the questions to include in your discussion could include…

(more…)

Tags:Analysis Corp, applications security, awareness and training, Barack Obama, Hillary Clinton, Information Security, IT compliance, John McCain, passport-gate, policies and procedures, privacy breach, risk management, security awareness, security training, Stanley Inc
Posted in Information Security, Privacy and Compliance, Privacy Incidents | No Comments »

The Emperors’ New Clothes Lack Privacy

Friday, March 21st, 2008

Over the past few weeks I’ve talked to several privacy officers and information security officers about how things are going with their initiatives, funding, and so on. Many from the financial industry, but otherwise a wide range of businesses from small to large. There has been a common theme during these discussions…

(more…)

Tags:awareness and training, Information Security, IT compliance, policies and procedures, privacy breach, risk management, security awareness, security training
Posted in Information Security, Privacy and Compliance | No Comments »

Information Security and Privacy Areas MUST Collaborate For Their Initiatives To Be Effective

Friday, March 14th, 2008

For the past several years I have written often, and given much training, to demonstrate and emphasize the need for information security and privacy areas to collaborate in their efforts. There are just too many topic overlaps between the two areas to NOT work together cooperatively.
Effectively addressing and coordinating Privacy and Information Security initiatives has moved to the top of the list for companies maintaining customer and employee information. However, there are often gaps in communication and collaboration between Privacy and Information Security activities.

(more…)

Tags:awareness and training, breach notification, Chris Grillo, CSI, Information Security, IT compliance, policies and procedures, privacy breach, risk management, security awareness, security training
Posted in Training & awareness | No Comments »