Posts Tagged ‘privacy’

Laptop Theft: Financial Company Given $1.9 Million Penalty Following Incident for Inadequate Security Program

Tuesday, February 20th, 2007

For the first time, the United Kingdom financial regulators, the U.K. Financial Services Authority (FSA), gave a financial institution, the Nationwide Building Society, the U.K.’s largest “building society” (a member-owned mortgage lending and banking services institution) a penalty for poor data security, issuing a ¬£980,000 ($1.9 million) fine based on their response to the 2006 theft of a laptop computer containing sensitive customer data according to a February 14 notice from the FSA.

(more…)

Identity Theft: Fraudulent Use of the CVC

Monday, February 19th, 2007

An interesting article pointing out the way crooks use that 3-digit code on the back of your credit card was published in the Newark Advocate Saturday.

(more…)

VA Suspends Medical Research Following Most Recent Breach Until Security Certification Is Obtained

Sunday, February 18th, 2007

Saturday, 2/17/07, it was widely reported that the U.S. Veterans Affairs (VA) was suspendingactivities at seven specialized research centers across the country after an unprotected computer hard drive disappeared from one of the facilities in Alabama last month.”

(more…)

VA Suspends Medical Research Following Most Recent Breach Until Security Certification Is Obtained

Sunday, February 18th, 2007

Saturday, 2/17/07, it was widely reported that the U.S. Veterans Affairs (VA) was suspendingactivities at seven specialized research centers across the country after an unprotected computer hard drive disappeared from one of the facilities in Alabama last month.”

(more…)

Privacy: How to handle individual access requests in the UK in compliance with the Data Protection Act

Friday, February 16th, 2007

In many countries, such as in all 25 of the European Union states and within Canada, just to name a few, individuals have the legal right to request from organizations a verification of whether or not the organization has information about him or her, and organizations must provide to individuals, upon their request, a copy of their corresponding personal information in an easy-to-understand format, within a reasonable period of time from the request.

(more…)

Privacy Breach, Hackers and Lawsuits: Iowa Department of Education, Microsoft and Perkins Omelettes; Oh My!

Thursday, February 15th, 2007

There’s been enough interesting information security and privacy news here in my own frigid (subzero) snowy back yard in central Iowa to keep me from looking beyond the state for discussion material. Well yes, I did look beyond anyway…what I found will wait until another day.
Yesterday was interesting in that the Iowa Department of Education announced a security breach into their GED database and the Microsoft versus Comes/Iowa class action lawsuit was settled out of court.

(more…)

HSPD-12 and U.S. Government Agency Authentication and Access Controls

Wednesday, February 14th, 2007

Creating technologies that authenticate users with a high degree of confidence has always been a challenge, not only because of the typical complexity of the systems, but also because of the amount of confidence that must be placed within the end-user to appropriately secure his or her own user authentication information, most commonly the user ID and password.
Over the past several years the U.S. Government Accountability Office (GAO) has identified the historically poor authentication and access control practices as barriers for successful information sharing between not only government entities, but also with the private sector.

(more…)

HSPD-12 and U.S. Government Agency Authentication and Access Controls

Wednesday, February 14th, 2007

Creating technologies that authenticate users with a high degree of confidence has always been a challenge, not only because of the typical complexity of the systems, but also because of the amount of confidence that must be placed within the end-user to appropriately secure his or her own user authentication information, most commonly the user ID and password.
Over the past several years the U.S. Government Accountability Office (GAO) has identified the historically poor authentication and access control practices as barriers for successful information sharing between not only government entities, but also with the private sector.

(more…)

HIPAA: Privacy and the Press

Tuesday, February 13th, 2007

An interesting editorial ran this past Sunday in the Mason City, Iowa Globe Gazette about HIPAA, “The Price of Privacy: HIPAA has far-ranging implications
The title intrigued me. Yes, indeed there will be far-ranging implications to effectively start handling protected health information (PHI) in ways that will protect privacy.

(more…)

HIPAA: Privacy and the Press

Tuesday, February 13th, 2007

An interesting editorial ran this past Sunday in the Mason City, Iowa Globe Gazette about HIPAA, “The Price of Privacy: HIPAA has far-ranging implications
The title intrigued me. Yes, indeed there will be far-ranging implications to effectively start handling protected health information (PHI) in ways that will protect privacy.

(more…)